Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
A "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature has been identified by cybersecurity researchers. This flaw could be used by threat actors to facilitate privilege escalation and gain unauthorized access to Workspace APIs without the need for super admin privileges.
In a technical report shared with The Hacker News, cybersecurity firm Hunters stated that "such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain."
The design flaw, which is still active today, has been given the codename DeleFriend because it allows users to modify delegations that are already in place in Google Workspace read more Design Fl...