Microsoft Teams Stores Authentication Tokens in Unencrypted Plaintext

September 20, 2022
Microsoft Teams

According to the security firm Vectra, Microsoft Teams keeps authentication tokens in unencrypted plaintext, which could allow attackers to take over conversations within an organization. The vulnerability affects the desktop client for Windows, Mac, and Linux, which is built on Microsoft’s Electron framework. Microsoft is aware of the problem but has no plans to fix it anytime soon, because an attack would also require access to the network.

According to Vectra, an attacker with local or remote access to a system could obtain the credentials of any Teams user who is currently signed in and then impersonate them even when they are offline. The attacker could also act as that user in applications associated with Teams, such as Skype or Outlook, and, by bypassing multi-factor authentication (MFA), persuade other users to take actions harmful to the enterprise.

“This enables attackers to modify SharePoint files, Outlook mail and calendars, and Teams chat files,” noted Vectra security architect Connor Peoples. “Even more damaging, attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks.”

Vectra developed a proof-of-concept exploit that used an access token to send a message to the account of the credential holder. “Assuming full control of critical seats — like a company’s Head of Engineering, CEO, or CFO — attackers can convince users to perform tasks damaging to the organization.”

The issue is largely confined to the desktop app because, unlike current web browsers, the Electron framework (which essentially packages a web application as a desktop program) has “no additional security controls to protect cookie data.” As a result, Vectra advises against using the desktop client until a fix is available and recommends using the web application instead.

When notified of the vulnerability by a reliable cybersecurity news site, Microsoft stated that it “does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network,” adding that it will be addressed in a future product update.

Threat hunter John Bambenek, on the other hand, told Dark Reading that the flaw could provide an alternative route for “lateral movement” during a network attack. He also noted that Microsoft is moving toward Progressive Web Apps, which “would mitigate many of the concerns currently brought by Electron.”
