Abusing Misconfigured Salesforce Communities for Recon and Data Theft

Our research team has discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.
Nitay Bachrach
Last updated April 30, 2023

 

Originally posted August 10, 2021.

Executive Summary

A misconfigured Salesforce Community may lead to sensitive Salesforce data being exposed to anyone on the internet. Anonymous users can query objects that contain sensitive information such as customer lists, support cases, and employee email addresses.

This isn’t the first time a SaaS configuration has created a potential security incident, nor will it be the last, underscoring the need for security teams to continually assess their SaaS exposure.

This guide explains how an attacker can exploit the misconfiguration and gives Salesforce admins detailed steps to:

  1. Ensure your guest profile permissions don’t expose things you don’t want to be exposed (account records, employee calendars, etc.)
  2. Disable API access for your guest profile
  3. Set the default owner for records created by guest users
  4. Enable secure guest user access

Impact

At a minimum, a malicious actor could exploit this misconfiguration to perform recon for a spear-phishing campaign. At worst, they could steal sensitive information about the business, its operations, clients, and partners.

In some cases, a sophisticated attacker may be able to move laterally and retrieve information from other services that are integrated with a Salesforce account.

What are Salesforce Communities?

A Salesforce Community site lets your customers and partners interface with your Salesforce instance from outside your organization. They can open support tickets, ask questions, manage their subscriptions, and much more.

Communities are public-facing and, by default, indexed by Google. While this is useful for customers and partners, it makes it easy for attackers to discover public communities.

As you will see, Salesforce is highly customizable and can be difficult to administer. No two Salesforce instances are the same, with hundreds of third-party apps, custom objects, and configurations.

Technical Background

Salesforce communities run on Salesforce’s Lightning framework. Lightning is a rapid development framework for mobile and desktop sites.

Salesforce Lightning is a component-oriented framework. Those components, called aura components, are self-contained objects that a developer can assemble to create custom web pages.

Aura components can be used to perform actions on Salesforce objects—such as viewing or updating records. Components have controllers that export different methods to perform certain tasks.

Browsing a community site with a proxy tool, such as Burp Suite, shows us Lightning in action. The front-end web UI of a community uses the HTTP endpoint /s/sfsites/aura.

The browser uses the aura endpoint to retrieve information about the site and perform server-side actions as the user interacts with the community site. Naturally, the user’s permissions apply to these actions.

Browsing Salesforce with Burp Suite

Calling the aura endpoint is simply an HTTP request, either GET or POST, which consists of the following parameters:

  • pageURI – the path to the site, without the host. For example: “/s/”.
  • token – the current user’s token. The value of “undefined” indicates a guest user.
  • context – the current session’s context, provided by the site.
  • message – describes the desired action. It is possible to execute numerous methods in the same aura call. This structure contains a list of actions, which contain the method’s descriptor (a unique identifier of the method) and the call parameters.

The message structure is a URL-encoded JSON. Here is an example:


{
  "actions": [
    {
      "id": "222;a",
      "descriptor": "serviceComponent://ui.force.components.controllers.hostConfig.HostConfigController/ACTION$getConfigData",
      "callingDescriptor": "UNKNOWN",
      "params": {}
    }
  ]
}

  • id – a random string that can be used when sending more than one action in a single request. That way the browser can match actions and responses.
  • descriptor – the specific method to call.
  • callingDescriptor – usually “UNKNOWN,” as this parameter is often ignored.
  • params – used to provide parameters to the method.

There are many different methods an unauthenticated user can execute to perform actions, such as:

  • Get information about the site
  • Get information about the Salesforce subscription
  • View default and custom objects and their fields
  • Retrieve data and records

Some of the objects you can query are Account, User, Case, Employee, Attachment, Contact, and Lead if access has been granted to the guest user.

How can attackers exploit misconfigured communities?

In misconfigured sites, the attacker can perform recon by looking for information about the organization, like users, objects, and fields that expose names and email addresses, and in many cases, they can access the system or steal information.

First, the attacker must find a community site to exploit. Some Google magic will do the trick. There are common URL “fingerprints” that will indicate a website is powered by Salesforce Communities:

  • /s/topic
  • /s/article
  • /s/contactsupport

Let me Google that for you

Using operators such as “inurl:” together with, for example, the name of the target, one can often find the desired community site:

Google search with inurl parameter

The next step is to retrieve information about the site. The attacker can do that by calling the following method:


serviceComponent://ui.force.components.controllers.hostConfig.HostConfigController/ACTION$getConfigData

This method returns the domain of the organization, some security settings (e.g., allowed content security policy (CSP) domains), and available objects.

The attacker can call different methods to perform different actions such as:

  • Listing Salesforce objects
  • Listing records
  • Searching for records
  • Retrieving an object
  • Fetching information about the Salesforce instance

Fetching sensitive data

Attackers can try to access sensitive data directly. Our security team has found troves of exposed sensitive records in our research.

The attacker can target specific objects and examine them by calling the method:


aura://RecordUiController/ACTION$getObjectInfo

This method returns information about an object. It supports all kinds of objects, including custom ones.

The information includes the different fields, how they are configured, and the child relationships of the object.

The next step would be listing the records using the method:


serviceComponent://ui.force.components.controllers.lists.selectableListDataProvider.SelectableListDataProviderController/ACTION$getItems

Here’s an example of listing Account records using this method:

The attacker can then fetch even more information using methods such as:


serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$getRecord

or


aura://RecordUiController/ACTION$getRecordWithFields

Either method can be used to fetch interesting records with more fields and related objects.
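Seen from the defender's side, the request structure described above can be decoded to spot guest sessions that list or fetch records. The following is an added example, not code from the original article: it assumes you can capture aura request bodies (for instance at a proxy you control), that parameters may carry an "aura." prefix, and that a page size of 100 is a sensible bulk threshold; the sample requests are constructed.

```python
import json
from urllib.parse import parse_qs, urlencode

# Methods this article names for reading object metadata or records.
DATA_METHODS = {"getObjectInfo", "getItems", "getRecord", "getRecordWithFields"}
BULK_PAGE_SIZE = 100  # assumption: alert threshold, tune for your site


def get_param(form, name):
    """Return a request parameter, accepting an optional 'aura.' prefix."""
    for key in (name, "aura." + name):
        if key in form:
            return form[key][0]
    return None


def parse_record_descriptor(value):
    """Split '{id}.undefined. ... .{fields}.null' into (record id, fields)."""
    parts = value.split(".")
    if len(parts) < 11:
        return value or None, []
    # Dots inside field paths travel as ';2', so restore them for the analyst.
    return parts[0], [f.replace(";2", ".") for f in parts[9].split(",") if f]


def review_aura_request(body):
    """Return one finding per data-access action sent with the guest token."""
    form = parse_qs(body, keep_blank_values=True)
    if get_param(form, "token") != "undefined":  # "undefined" marks a guest
        return []
    try:
        message = json.loads(get_param(form, "message") or "{}")
    except json.JSONDecodeError:
        return [{"method": None, "target": None, "note": "malformed message"}]
    actions = message.get("actions") if isinstance(message, dict) else None
    findings = []
    for action in actions if isinstance(actions, list) else []:
        if not isinstance(action, dict):
            continue
        descriptor = str(action.get("descriptor", "")).strip()
        method = descriptor.rpartition("ACTION$")[2]
        if method not in DATA_METHODS:
            continue
        params = action.get("params")
        params = params if isinstance(params, dict) else {}
        target = params.get("entityNameOrId") or params.get("ObjectApiName")
        note = ""
        if method == "getRecord":
            target, fields = parse_record_descriptor(
                str(params.get("recordDescriptor", "")))
            note = "fields=" + ",".join(fields)
        elif method == "getItems":
            try:
                bulk = int(params.get("pageSize", 0)) >= BULK_PAGE_SIZE
            except (TypeError, ValueError):
                bulk = False
            note = "bulk listing" if bulk else ""
        findings.append({"method": method, "target": target, "note": note})
    return findings


def build_body(token, descriptor, params):
    """Build a constructed sample request body (not captured traffic)."""
    message = {"actions": [{"id": "1;a", "descriptor": descriptor,
                            "callingDescriptor": "UNKNOWN", "params": params}]}
    return urlencode({"message": json.dumps(message), "aura.pageURI": "/s/",
                      "aura.context": "{}", "aura.token": token})


HOST_CONFIG = ("serviceComponent://ui.force.components.controllers.hostConfig."
               "HostConfigController/ACTION$getConfigData")
LIST_ITEMS = ("serviceComponent://ui.force.components.controllers.lists."
              "selectableListDataProvider.SelectableListDataProviderController"
              "/ACTION$getItems")
GET_RECORD = ("serviceComponent://ui.force.components.controllers."
              "recordGlobalValueProvider.RecordGvpController/ACTION$getRecord")
LIST_PARAMS = {"entityNameOrId": "Account", "pageSize": 1000, "currentPage": 0}

SAMPLES = {
    "guest_config": build_body("undefined", HOST_CONFIG, {}),
    "guest_list": build_body("undefined", LIST_ITEMS, LIST_PARAMS),
    "member_list": build_body("constructed-session-token", LIST_ITEMS, LIST_PARAMS),
    "guest_record": build_body("undefined", GET_RECORD, {
        "recordDescriptor": "00500000000XxXXWXX.undefined.null.null.null."
                            "Id.VIEW.false.null.Name,CreateBy;2Name.null"}),
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, review_aura_request(body))
```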

Hunting for vulnerable third-party components

An advanced adversary might try to attack vulnerable custom and third-party components.

When browsing the site, we can see that the browser loads several different JavaScript files with weird URLs, which begin with /l/ and then an encoded JSON object.

In these JavaScript files, we can find the definitions for the most accessible endpoints, including custom ones and/or third-party applications. The definitions are encoded in JSON:


{
  "descriptor": "compound://my_app.Component",
  "ac": [
    {
      "n": "doAction",
      "descriptor": "apex://my_app.ComponentController/ACTION$doAction",
      "at": "SERVER",
      "rt": "apex://String",
      "pa": [],
      "st": true
    }
  ],
  "pa": [
    {
      "name": "paramName",
      "type": "apex://String"
    }
  ]
}

By scanning the response for similarly formed JSON strings, one can learn about the custom methods and how to call them.

What can you do about it?

Managing a community site is a tough job. It is important to make sure that anonymous guest users and community users can only access intended and required records. There is information that you may want to share with the world and information that you don’t.

To secure your Salesforce environment, it is very important to adhere to the principle of least privilege and ensure that guest profiles only allow the minimum required permissions.

Step 1 – Audit your guest profile permissions

Navigate to your Site Builder (search for “All Sites” in the setup) and click on Settings or the gear icon on the left.

You will find your guest user profile under General. Click on it to modify the guest user’s permissions.

Here you can control field-level security to control access at a very granular level. This is where you will need to make decisions about access that are specific to your business needs.

Step 2 – Disable API access

It’s important to ensure that API enabled is unchecked. It’s recommended to disable Access Activities as well.

It is important to continuously monitor guest and community user permissions and sharing roles and to keep an eye on the records they own (and their related objects) to ensure sensitive information does not become publicly accessible.

Step 3 – Set a default owner for records created by guest users

Either go directly to your site’s workspaces, or use the site builder to navigate to the Administration workspace:

Under preferences, make sure that you set up a default owner for records created by guest users and, in most cases, you’ll want to turn off Let guest users see members of this site.

Step 4 – Enable secure guest user record access

Verify that the default access setting for guest users is secure: go to Setup and search for Sharing Settings. There, look for the option Secure guest user record access and verify that it’s checked.

Salesforce is trying to help you make smart decisions about guest access. As of the Summer ’20 release, Salesforce has made it impossible to disable this setting. They’ve also now prevented you from granting guest users the View All Users permission, and you can’t give them access to view all data.

It’s still of utmost importance, however, to review configuration settings. Salesforce cannot disable them all for you because different users have different requirements.
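Steps 1 and 2 can also be checked offline against an export of the guest profile. The following is an added example, not part of the original article: it assumes the profile has been retrieved as Metadata API XML, assumes the Metadata API permission names shown in the comments, and runs on a constructed sample profile.

```python
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Metadata API names assumed for the permissions the article mentions:
# API Enabled, Access Activities, View All Users, View All Data.
RISKY_USER_PERMS = {"ApiEnabled", "ActivitiesAccess", "ViewAllUsers", "ViewAllData"}
# Objects the article lists as commonly queried by anonymous users.
SENSITIVE_OBJECTS = {"Account", "User", "Case", "Employee",
                     "Attachment", "Contact", "Lead"}
OBJECT_FLAGS = ("allowRead", "allowCreate", "allowEdit", "allowDelete",
                "viewAllRecords", "modifyAllRecords")

# Constructed sample of a guest profile export (not from a real org).
SAMPLE_GUEST_PROFILE = """<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
  <fieldPermissions>
    <editable>false</editable>
    <field>Contact.Email</field>
    <readable>true</readable>
  </fieldPermissions>
  <objectPermissions>
    <allowCreate>true</allowCreate>
    <allowRead>true</allowRead>
    <object>Case</object>
  </objectPermissions>
  <objectPermissions>
    <allowRead>true</allowRead>
    <object>Contact</object>
  </objectPermissions>
  <objectPermissions>
    <allowRead>true</allowRead>
    <object>Knowledge__kav</object>
  </objectPermissions>
  <userPermissions>
    <enabled>true</enabled>
    <name>ApiEnabled</name>
  </userPermissions>
  <userPermissions>
    <enabled>false</enabled>
    <name>ActivitiesAccess</name>
  </userPermissions>
</Profile>"""


def is_true(node, tag):
    """True when the child element <tag> of node holds the text 'true'."""
    return node.findtext("md:" + tag, default="", namespaces=NS).strip() == "true"


def severity(object_name):
    """'high' for objects the article calls out, 'review' for the rest."""
    return "high" if object_name in SENSITIVE_OBJECTS else "review"


def audit_guest_profile(xml_text):
    """Return (severity, kind, name, detail) tuples, high severity first."""
    root = ET.fromstring(xml_text)
    findings = []
    # Step 2: system permissions that should be off for guests.
    for perm in root.findall("md:userPermissions", NS):
        name = perm.findtext("md:name", default="", namespaces=NS)
        if is_true(perm, "enabled") and name in RISKY_USER_PERMS:
            findings.append(("high", "userPermission", name, "enabled"))
    # Step 1: every object the guest profile can touch needs a decision.
    for obj in root.findall("md:objectPermissions", NS):
        name = obj.findtext("md:object", default="", namespaces=NS)
        granted = [flag for flag in OBJECT_FLAGS if is_true(obj, flag)]
        if granted:
            findings.append((severity(name), "object", name, ",".join(granted)))
    # Step 1: field-level security, reported per field.
    for fld in root.findall("md:fieldPermissions", NS):
        name = fld.findtext("md:field", default="", namespaces=NS)
        if is_true(fld, "editable") or is_true(fld, "readable"):
            detail = "editable" if is_true(fld, "editable") else "readable"
            findings.append((severity(name.split(".")[0]), "field", name, detail))
    rank = {"high": 0, "review": 1}
    return sorted(findings, key=lambda f: (rank[f[0]], f[1], f[2]))


if __name__ == "__main__":
    for finding in audit_guest_profile(SAMPLE_GUEST_PROFILE):
        print(*finding, sep="\t")
```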

Wrapping up

As you can see, with SaaS applications as complex and customizable as Salesforce there are countless configuration settings and permissions to worry about.

Most organizations deploy dozens of sanctioned SaaS applications, each with its own objects, permissions models, APIs, and sharing features.

This is why we built DatAdvantage Cloud: to provide a unified way to find exposures, right-size privileges, and perform investigations across all your sanctioned SaaS applications.

Appendix: Aura descriptors and how to use them


serviceComponent://ui.force.components.controllers.hostConfig.HostConfigController/ACTION$getConfigData
  • No parameters

Gets the app data, including a list of objects which often includes custom objects, and the Salesforce login domain.


serviceComponent://ui.global.components.one.one.controller.OneController/ACTION$getCurrentApp
  • No parameters

Gets more information about the app, including an extended list of objects.


aura://RecordUiController/ACTION$getObjectInfo
  • ObjectApiName (String) – the name of the object

This function returns the definition of the object: its fields, its relationships, and configuration.


serviceComponent://ui.force.components.controllers.lists.selectableListDataProvider.SelectableListDataProviderController/ACTION$getItems
  • entityNameOrId (String) – the name of the object to list. For example: “Account” or “User”
  • pageSize (Int) – Number of records to retrieve. Up to 1000
  • currentPage (Int) – If there are more than pageSize records, use this to get the next pages.
  • getCount (Boolean) – whether the total number of records should be retrieved.
  • layoutType (String) – The layout. Provide “FULL” to get more data
  • enableRowActions (Boolean) – true
  • useTimeout (Boolean) – false

Lists records of the specified objects.


serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$getRecord
  • recordDescriptor (String) – the record “descriptor”, in the following format:

{id}.undefined.null.null.null.Id.VIEW.false.null.{fields}.null

Here, {id} is the ID of the record to retrieve and {fields} is a comma-separated list of fields to return. Replace all dots “.” in the field list with “;2”. For example:

00500000000XxXXWXX.undefined.null.null.null.Id.VIEW.false.null.Name,CreateBy;2Name.null

Other undocumented endpoints

  1. aura://ActionsController/ACTION$getActionLayout
  2. aura://ActionsController/ACTION$getGlobalActions
  3. aura://ActionsController/ACTION$getListViewActions
  4. aura://ActionsController/ACTION$getLookupActions
  5. aura://ActionsController/ACTION$getMRUListActions
  6. aura://ActionsController/ACTION$getObjectCreateActions
  7. aura://ActionsController/ACTION$getQuickActionDefaults
  8. aura://ActionsController/ACTION$getRecordActions
  9. aura://ActionsController/ACTION$getRecordEditActions
  10. aura://ActionsController/ACTION$getRelatedListActions
  11. aura://ActionsController/ACTION$getRelatedListRecordActions
  12. aura://ActionsController/ACTION$getRelatedListsActions
  13. aura://ApexActionController/ACTION$execute
  14. aura://AppsController/ACTION$getNavItems
  15. aura://CanvasController/ACTION$getCanvasData
  16. aura://CommerceCatalogController/ACTION$getProduct
  17. aura://CommerceCatalogController/ACTION$getProductCategoryPath
  18. aura://CommerceImporterController/ACTION$importProducts
  19. aura://CommerceSearchController/ACTION$searchProducts
  20. aura://CommerceStorePricingController/ACTION$getProductPrice
  21. aura://ComponentController/ACTION$getApplication
  22. aura://ComponentController/ACTION$getApplicationDef
  23. aura://ComponentController/ACTION$getComponent
  24. aura://ComponentController/ACTION$getComponentDef
  25. aura://ComponentController/ACTION$getComponents
  26. aura://ComponentController/ACTION$getDefinitions
  27. aura://ComponentController/ACTION$getEventDef
  28. aura://ComponentController/ACTION$loadLabels
  29. aura://ComponentController/ACTION$reportDeprecationUsages
  30. aura://ComponentController/ACTION$reportFailedAction
  31. aura://ComponentController/ACTION$reportUsages
  32. aura://ConversationController/ACTION$getConversationCallStructureAndInsights
  33. aura://DynamicComponentController/ACTION$getTemplateDescriptorWithExpansionBundle
  34. aura://HostConfigController/ACTION$getConfigData
  35. aura://LabelController/ACTION$getLabel
  36. aura://LightningExperienceAssistantPlatformController/ACTION$getActiveQuestionnaires
  37. aura://LightningExperienceAssistantPlatformController/ACTION$getActiveScenarios
  38. aura://LightningExperienceAssistantPlatformController/ACTION$getAssistant
  39. aura://LightningExperienceAssistantPlatformController/ACTION$getQuestionnaire
  40. aura://LightningExperienceAssistantPlatformController/ACTION$saveAssistant
  41. aura://LightningExperienceAssistantPlatformController/ACTION$saveQuestionnaire
  42. aura://LinkedInSalesNavigatorController/ACTION$getSalesAccessToken
  43. aura://LinkedInSalesNavigatorController/ACTION$getSignupUrl
  44. aura://ListUiController/ACTION$getListInfoById
  45. aura://ListUiController/ACTION$getListInfoByName
  46. aura://ListUiController/ACTION$getListRecordsById
  47. aura://ListUiController/ACTION$getListRecordsByName
  48. aura://ListUiController/ACTION$getListUiById
  49. aura://ListUiController/ACTION$getListUiByName
  50. aura://ListUiController/ACTION$getListsByObjectName
  51. aura://LookupController/ACTION$getLookupRecords
  52. aura://ManagedContentController/ACTION$getManagedContentByTopicsAndContentKeys
  53. aura://ManagedContentController/ACTION$getPublishedManagedContentListByContentKey
  54. aura://MruListUiController/ACTION$getMruListInfo
  55. aura://MruListUiController/ACTION$getMruListRecords
  56. aura://MruListUiController/ACTION$getMruListUi
  57. aura://NavEventManagerController/ACTION$getClassicNonSetupPageReferenceMappings
  58. aura://NavEventManagerController/ACTION$getClassicSetupPageReferenceMappings
  59. aura://NavEventManagerController/ACTION$getResolvedIntegrationUrl
  60. aura://NavigationMenuController/ACTION$getCommunityNavigationMenu
  61. aura://OrchestrationController/ACTION$getOrchestrationInstance
  62. aura://OrchestrationController/ACTION$getOrchestrationInstanceCollection
  63. aura://OrchestrationController/ACTION$publishOrchestrationEvent
  64. aura://RecordMruController/ACTION$updateMru
  65. aura://RecordUiController/ACTION$createRecord
  66. aura://RecordUiController/ACTION$deleteRecord
  67. aura://RecordUiController/ACTION$executeAggregateUi
  68. aura://RecordUiController/ACTION$executeGraphQL
  69. aura://RecordUiController/ACTION$findDuplicates
  70. aura://RecordUiController/ACTION$getAggregateUi
  71. aura://RecordUiController/ACTION$getDedupeConfig
  72. aura://RecordUiController/ACTION$getDuplicateConfig
  73. aura://RecordUiController/ACTION$getFormByName
  74. aura://RecordUiController/ACTION$getLayout
  75. aura://RecordUiController/ACTION$getLayoutUserState
  76. aura://RecordUiController/ACTION$getObjectInfo
  77. aura://RecordUiController/ACTION$getObjectInfos
  78. aura://RecordUiController/ACTION$getPicklistValues
  79. aura://RecordUiController/ACTION$getPicklistValuesByRecordType
  80. aura://RecordUiController/ACTION$getRecordAvatars
  81. aura://RecordUiController/ACTION$getRecordCloneDefaults
  82. aura://RecordUiController/ACTION$getRecordCreateDefaults
  83. aura://RecordUiController/ACTION$getRecordDefaultsTemplateClone
  84. aura://RecordUiController/ACTION$getRecordDefaultsTemplateForCreate
  85. aura://RecordUiController/ACTION$getRecordUis
  86. aura://RecordUiController/ACTION$getRecordWithFields
  87. aura://RecordUiController/ACTION$getRecordWithLayouts
  88. aura://RecordUiController/ACTION$getRecordsWithFields
  89. aura://RecordUiController/ACTION$getRecordsWithLayouts
  90. aura://RecordUiController/ACTION$getValidationRulesInfo
  91. aura://RecordUiController/ACTION$postRecordAvatarAssociation
  92. aura://RecordUiController/ACTION$updateLayoutUserState
  93. aura://RecordUiController/ACTION$updateRecord
  94. aura://RelatedListUiController/ACTION$getRelatedListInfo
  95. aura://RelatedListUiController/ACTION$getRelatedListInfoBatch
  96. aura://RelatedListUiController/ACTION$getRelatedListInfoByApiName
  97. aura://RelatedListUiController/ACTION$getRelatedListInfoCollection
  98. aura://RelatedListUiController/ACTION$getRelatedListRecordCount
  99. aura://RelatedListUiController/ACTION$getRelatedListRecords
  100. aura://RelatedListUiController/ACTION$getRelatedListRecordsBatch
  101. aura://RelatedListUiController/ACTION$getRelatedListsRecordCount
  102. aura://RelatedListUiController/ACTION$updateRelatedListInfoByApiName
  103. aura://SearchGridLWCController/ACTION$updateUserColumnWidthPref
  104. aura://SeoPropertiesController/ACTION$getRecordSeoProperties
  105. aura://SitesController/ACTION$searchSite
  106. aura://StyleController/ACTION$applyTokens
  107. aura://WaveController/ACTION$deleteDataset
  108. aura://WaveController/ACTION$deleteRecipe
  109. aura://WaveController/ACTION$executeQueryByInputRep
  110. aura://WaveController/ACTION$getAnalyticsLimits
  111. aura://WaveController/ACTION$getDataflowJob
  112. aura://WaveController/ACTION$getDataflowJobNode
  113. aura://WaveController/ACTION$getDataflowJobNodes
  114. aura://WaveController/ACTION$getDataflowJobs
  115. aura://WaveController/ACTION$getDataflowJobsByDataflowId
  116. aura://WaveController/ACTION$getDataset
  117. aura://WaveController/ACTION$getDatasets
  118. aura://WaveController/ACTION$getRecipe
  119. aura://WaveController/ACTION$getRecipes
  120. aura://WaveController/ACTION$getReplicatedDatasets
  121. aura://WaveController/ACTION$getSchedule
  122. aura://WaveController/ACTION$getWaveFolders
  123. aura://WaveController/ACTION$getXmd
  124. aura://WaveController/ACTION$startDataflow
  125. aura://WaveController/ACTION$updateDataflowJob
  126. aura://WaveController/ACTION$updateSchedule
  127. serviceComponent://ui.chatter.components.aura.components.forceChatter.groups.actions.EditGroupNotificationSettingsController/ACTION$getNotificationSettings
  128. serviceComponent://ui.chatter.components.aura.components.forceChatter.groups.actions.EditGroupNotificationSettingsController/ACTION$setNotificationSettings
  129. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$addParticipants
  130. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$createMessage
  131. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getMessagesDetail
  132. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getMessagesListData
  133. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getMessagingPermAndPref
  134. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getMoreReplies
  135. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getRichTextConfig
  136. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$getUserDetails
  137. serviceComponent://ui.chatter.components.messages.MessagesController/ACTION$removeParticipants
  138. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableAttributeLoaderController/ACTION$getComponentAttributes
  139. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableComponentLoaderController/ACTION$getAudienceTargetedPageComponent
  140. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableComponentLoaderController/ACTION$getPageComponent
  141. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.network.tracking.NetworkTrackingController/ACTION$createLogRecord
  142. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$getBootstrapCacheExpiration
  143. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$getTopicDescription
  144. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$isValidSObjectId
  145. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$setCurrentApp
  146. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.qb.QuarterbackController/ACTION$validateRoute
  147. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getActionOverrides
  148. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getArticleUrlNameAndVersionId
  149. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getArticleVersionId
  150. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getCMSContentTypeAndURLName
  151. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getCMSContentTypeUrlnameAndId
  152. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getCategoryPath
  153. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getNameFieldValue
  154. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$getPersonAccountIdFromContactId
  155. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.recordservicecomponent.RecordServiceComponentController/ACTION$isAllowViewEditConvertedLeadsOn
  156. serviceComponent://ui.comm.runtime.components.aura.components.siteforce.service.ServiceBodyController/ACTION$getTopicImageUrlFromContextId
  157. serviceComponent://ui.communities.components.aura.components.forceCommunity.baseSearch.BaseSearchController/ACTION$getCrossObjectDeflection
  158. serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.DeflectionDataProviderController/ACTION$getArticleDeflection
  159. serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.DeflectionDataProviderController/ACTION$getCombinedDeflection
  160. serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.DeflectionDataProviderController/ACTION$getCrossObjectDeflection
  161. serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.DeflectionDataProviderController/ACTION$getQuestionDeflection
  162. serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.LWCRecordDetailController/ACTION$getInitData
  163. serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.OmniBoxController/ACTION$getTopic
  164. serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.OmniBoxController/ACTION$getTopicFromEntityId
  165. serviceComponent://ui.communities.components.aura.components.forceCommunity.controller.OmniBoxController/ACTION$getTopicFromUrl
  166. serviceComponent://ui.communities.components.aura.components.forceCommunity.navigationMenu.NavigationMenuDataProviderController/ACTION$getNavigationMenu
  167. serviceComponent://ui.communities.components.aura.components.forceCommunity.signalCollector.SignalCollectorController/ACTION$sendSignals
  168. serviceComponent://ui.force.components.controllers.action.ActionController/ACTION$getServerSideComponent
  169. serviceComponent://ui.force.components.controllers.dedupe.DedupeManagerController/ACTION$findMatches
  170. serviceComponent://ui.force.components.controllers.dedupe.DedupeManagerController/ACTION$getConfig
  171. serviceComponent://ui.force.components.controllers.dedupe.DedupeManagerController/ACTION$loadObjectApiInfo
  172. serviceComponent://ui.force.components.controllers.dedupe.DedupeManagerController/ACTION$loadRecords
  173. serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$cloneRecordWithRelatedEntities
  174. serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getDetailComponent
  175. serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getEntityConfig
  176. serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getNextRecordLayout
  177. serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getPostSaveNavigationEvent
  178. serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$getRecord
  179. serviceComponent://ui.force.components.controllers.detail.DetailController/ACTION$saveSectionState
  180. serviceComponent://ui.force.components.controllers.dynamicLabel.UiDynamicLabelProviderController/ACTION$getLabel
  181. serviceComponent://ui.force.components.controllers.hostConfig.HostConfigController/ACTION$getConfigData
  182. serviceComponent://ui.force.components.controllers.inlineEdit.InlineEditController/ACTION$getNameField
  183. serviceComponent://ui.force.components.controllers.inlineEdit.InlineEditController/ACTION$getPostSaveNavigationEvent
  184. serviceComponent://ui.force.components.controllers.logoutHandler.LogoutHandlerController/ACTION$getLogoutURL
  185. serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$createQuickActionRecords
  186. serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$createRecord
  187. serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$deleteRecord
  188. serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$getRecord
  189. serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$saveQuickActionRecords
  190. serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$saveRecord
  191. serviceComponent://ui.force.components.controllers.recordGlobalValueProvider.RecordGvpController/ACTION$saveRecords
  192. serviceComponent://ui.force.components.controllers.recordLayoutBroker.RecordLayoutBrokerController/ACTION$getLayout
  193. serviceComponent://ui.force.components.controllers.recordLayoutBroker.RecordLayoutBrokerController/ACTION$getRecordAndLayout
  194. serviceComponent://ui.force.impl.aura.components.force.recordEditActions.RecordEditActionsController/ACTION$getEditActions
  195. serviceComponent://ui.global.components.one.actionsManager.ActionsManagerController/ACTION$handleAction
  196. serviceComponent://ui.identity.components.sessiontimeoutwarn.SessionTimeoutWarnController/ACTION$getSessionRefreshAction
  197. serviceComponent://ui.identity.components.sessiontimeoutwarn.SessionTimeoutWarnController/ACTION$getSessionTimeoutConfig
  198. serviceComponent://ui.instrumentation.components.beacon.InstrumentationBeaconController/ACTION$getLocators
  199. serviceComponent://ui.instrumentation.components.beacon.InstrumentationBeaconController/ACTION$sendData
  200. serviceComponent://ui.search.components.forcesearch.sgdp.MRUCacheController/ACTION$getGlobalMrus
  201. serviceComponent://ui.search.components.forcesearch.sgdp.PermsAndPrefsCacheController/ACTION$getPermsAndPrefs
  202. serviceComponent://ui.search.components.forcesearch.sgdp.ResultsFiltersCacheController/ACTION$getResultsFilterMetadata
  203. serviceComponent://ui.search.components.forcesearch.sgdp.ScopesCacheController/ACTION$getEntityLabels
  204. serviceComponent://ui.search.components.forcesearch.sgdp.ScopesCacheController/ACTION$getEntityNames
  205. serviceComponent://ui.search.components.forcesearch.sgdp.ScopesCacheController/ACTION$getScopeMaps
  206. serviceComponent://ui.self.service.components.profileMenu.ProfileMenuController/ACTION$getContextUserPhotoUrlAndUpdatedName
  207. serviceComponent://ui.self.service.components.profileMenu.ProfileMenuController/ACTION$getProfileMenuResponse
  208. serviceComponent://ui.sfa.components.nativeimport.ImportButtonController/ACTION$getConfig
