

A new report out today from identity management startup Oasis Security Ltd. reveals critical security issues in Microsoft Corp.’s OneDrive File Picker, a widely used component that could expose users’ entire OneDrive content to third-party web applications.
The flaws, which affect numerous services, including ChatGPT, Slack, Trello and others, arise from excessive permissions granted through OAuth protocols and poorly secured sensitive access tokens.
The OneDrive File Picker is designed to let users upload or download files from OneDrive through web apps and does so by requesting broad OAuth scopes that enable reading or writing to a OneDrive account. When users intend to upload or share a single file, the picker’s default scope grants third-party apps unrestricted access to all OneDrive content. The level of access persists for at least an hour and, in some cases, can be prolonged by refresh tokens if developers implement them.
According to Oasis Security’s researchers, the overpermissioning is rooted in the lack of fine-grained scopes for the OneDrive File Picker and notable contrasts with more restrictive models used by services such as Google Drive and Dropbox. The research also notes how Microsoft’s wording in the user consent dialog misleads users into thinking that only specific files will be accessible, when in fact the entire drive is exposed.
Adding to the risk level is that older versions of the OneDrive File Picker (6.0-7.2) handled authentication using an implicit flow that exposed sensitive access tokens in URL fragments or stored them insecurely in browser localStorage. Even the latest version (8.0), which recommends using Microsoft Authentication Library, stores these tokens in session storage in plain text, leaving them vulnerable to unauthorized access if exploited.
Leaving the tokens exposed creates a potential attack vector for malicious apps or adversaries to gain ongoing access to sensitive OneDrive content.
Oasis estimates that hundreds of apps are affected. Popular platforms like ChatGPT, Slack, Trello, ClickUp and Phenome incorporate the OneDrive File Picker, potentially putting millions of users at risk.
Discussing the report, Jason Soroko, senior fellow at certificate management solutions company Sectigo Ltd., told SiliconANGLE via email that Oasis’s research is an “overprivileged OAuth” trap.
“Microsoft’s OneDrive File Picker encourages third-party web apps to request broad files,” he explained. “The read/write scope and the consent dialog doesn’t convey that a click grants the integrator a door into every file and folder in the user’s OneDrive, not just the document they meant to share. Once issued, those long-lived tokens are often cached in localStorage or back-end databases without encryption. Therefore, any token theft allows attackers to trawl an entire tenant’s data.”
Soroko added that security teams should enforce “admin consent” or conditional-access policies that block apps requesting anything beyond Files.Read. “They should also review existing enterprise app registrations for high-risk scopes and disable or re-authorize them with the least privilege alternatives and require short-lived bound tokens via Continuous Access Evaluation and token-protection in Entra ID,” he advised.
Danny Brickman, co-founder and chief executive of Oasis Security, spoke with theCUBE, SiliconANGLE Media’s livestreaming studio, in March, whenn he discussed how Oasis encourages companies to secure nonhuman identities:
Support our open free content by sharing and engaging with our content and community.
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.