Cybersecurity researchers disclosed a critical flaw in the Microsoft Teams desktop app that exposes authentication tokens. The vulnerability could let attackers assume the auth token owners’ identities and perform malicious actions through the Microsoft Teams client, even for multi-factor authentication (MFA)-enabled accounts.
The shortcoming affects Microsoft Teams desktop apps on Windows, Linux and Mac, and involves storing the authentication tokens in clear text. Threat actors could access the tokens without elevated privileges, which entails that the vulnerability can be exploited as part of any other local or remote system access attack.
Vectra researchers made the discovery in August while helping a customer remove a disabled Teams account. As Teams users can’t remove deactivated accounts without signing in, researchers started looking for a workaround and unveiled the vulnerability.
Microsoft Teams is a cross-platform desktop app built on the Electron framework. Like other Electron apps, Teams runs inside a browser window and, to a certain degree, functions like a web page and has similar data requirements (logs, session strings, cookies).
Electron doesn’t feature encryption and system-protected file location support by default, and it needs additional configuration to enable these security feats.
While helping the customer, researchers found an ldb
file that held clear text authentication tokens. They also discovered a Cookies
folder where data like marketing tags, session information, account information, and access tokens were stored.
Using a combination of SQLite and an API call abuse, security experts were able to craft an exploit that allowed them to retrieve authentication tokens in their chat window.
Microsoft was notified of the issue but disagreed on its severity and postponed a patch release to address it. Security researchers recommend you avoid using the Microsoft Teams desktop apps until a patch is released, and stick to the browser version instead.
Recently, a cybersecurity researcher discovered a potentially critical technique that could let hackers create a reverse shell through Microsoft Teams GIFs.
Specialized software solutions like Bitdefender Ultimate Security can help you fend off a wide range of cyber threats, with features like:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024