Microsoft Power Pages that expose sensitive data

Costello noted that during his research, which involved an audit of websites, he found several million sensitive records. Extended to all websites based on Power Pages, the total is likely to be very large.

“In one instance, a major provider of shared business services for the NHS leaked the details of more than 1.1 million NHS staff, with large chunks of data including email addresses, phone numbers, and even staff’s home addresses,” Costello said in his report. “These findings have been responsibly disclosed and resolved.”

Misunderstanding the Power Pages access controls

Microsoft Power Pages is a low-code software-as-a-service (SaaS) platform that businesses can use to create business websites. Compared with building websites from scratch, Power Pages already provides an implementation of role-based access control (RBAC), a built-in database in the form of Microsoft Dataverse, and drag-and-drop environments for the various components that can be used to build a website.

