Yet Another CASB Integration Takeover of Active Integrations

Cloudflare CASB on the Microsoft integration, was vulnerable to the confused deputy problem. This was previously reported in another HackerOne report (#1952124) however a bypass was found which consisted of manipulating the casing of Microsoft’s tenant UUID. If an attacker, via a brute force attack or another mechanism, was able to enumerate a valid Microsoft tenant UUID that an existing Cloudflare CASB customer had integrated with, then the attacker would have been able to create a new integration which could surface sensitive information. Cloudflare's CASB engineering team rapidly implemented a fix to disallow the ability to create multiple integrations pointing to the same tenant, thus nullifying the attack as an option.