Misconfigurations in Microsoft Power Pages could expose millions of sensitive records

Misconfigurations in Microsoft Power Pages could expose millions of sensitive records

Briefly

In September 2024, I uncovered significant amounts of data being exposed to the public internet as a result of misconfigured access controls in Microsoft Power Page websites.

ITProhttps://www.itpro.com/security/misconfigurations-in-microsoft-power-pages-could-expose-millions-of-sensitive-records

The main benefits of Power Pages over traditional custom web development include out-of-the-box (OOB) role based access control (RBAC) and a drag-and-drop interface.

ITProhttps://www.itpro.com/security/misconfigurations-in-microsoft-power-pages-could-expose-millions-of-sensitive-records

Costello warned that the easy deployments enabled by Power Pages could come at the expense of security, stating that he found several million records exposed.

ITProhttps://www.itpro.com/security/misconfigurations-in-microsoft-power-pages-could-expose-millions-of-sensitive-records

Admins should be wary of using 'anonymous role' in table permissions, as these misconfigurations can lead to unauthorized access to sensitive PII.

ITProhttps://www.itpro.com/security/misconfigurations-in-microsoft-power-pages-could-expose-millions-of-sensitive-records