Microsoft Teams Flaw Grant Hackers Access to Authentication Tokens

Share post:

Security researchers from Vectra have uncovered a vulnerability in the desktop app for Microsoft Teams that could give threat actors access to authentication tokens and accounts with multi factor authentication.

Microsoft Teams is an Electron app that implies that it runs in a browser window, complete with all the elements required for a regular website.

However, Electron does not support encryption or protected file storage by default. Therefore, it is not secure for the development of mission-critical products unless extensive customization and additional work is carried out.

In their analysis of Microsoft Teams, the researchers found an Idb file with access tokens in clear text. They also discovered that the “Cookies” folder contained valid authentication tokens, along with account information, session data, and marketing tags.

Threat actors can use info-stealing malware to steal Microsoft Teams authentication tokens and remotely log in as a user, bypass MFA and gain full access to the account.

To mitigate the bug, Vectra asked users to switch to the browser version of Microsoft Teams client since using Microsoft Edge to load the app can provide users with additional protection against token leaks.

Linux’s users are advised to switch to another collaboration suite, especially since Microsoft has announced that it will discontinue support for the app on the platform by December. Those who cannot switch to another solution immediately are advised to create a monitoring rule to discover processes accessing selected directories.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways