Google Workspace weaknesses allow plaintext password theft


Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption.

Researchers at Bitdefender say the methods could also be used to access Google Cloud Platform (GCP) with custom permissions and could move from machine to machine.

The infoseccers say Google told them the weaknesses would not be addressed and won’t receive any security fixes since they fall outside the company’s threat model. 

Vulnerabilities that rely on compromised local machines, like those highlighted by Bitdefender today, aren’t considered Google-specific bugs since a compromise through methods like malware should be covered by an organization’s existing security controls.

Read more…