AuraInspector: Auditing Salesforce Aura for Data Exposure
Written by: Amine Ismail, Anirudha Kanodia

Introduction

Mandiant is releasing AuraInspector, a new open-source tool designed to help defenders identify and audit access control misconfigurations within the Salesforce Aura framework. Salesforce Experience Cloud is a foundational platform for many businesses, but Mandiant Offensive Security Services (OSS) frequently identifies misconfigurations that allow unauthorized users to access sensitive data, including credit card numbers, identity documents, and health information. These access control gaps often go unnoticed until it is too late.
This post details the mechanics of these common misconfigurations and introduces a previously undocumented technique using GraphQL to bypass standard record retrieval limits. To help administrators secure their environments, we are releasing AuraInspector, a command-line tool that automates the detection of these exposures and provides actionable insights for remediation.

Get AuraInspector: https://github.com/google/aura-inspector

What Is Aura?

Aura is a framework used in Salesforce applications to create reusable, modular components. It is the foundational technology behind Salesforce's modern UI, known as Lightning Experience. Aura introduced a more modern, single-page application (SPA) model that is more responsive and provides a better user experience. As with any object-relational database and developer framework, a key security challenge for Aura is ensuring that users can only access data they are authorized to see.
More specifically, the Aura endpoint is used by the front end to retrieve a variety of information from the backend system, including object records stored in the database.