Microsoft Teams has a flaw that could expose user credentials

A crucial vulnerability has been found within the Microsoft Teams app for Windows, macOS, and Linux that could result in the disclosure of user credentials. All as a result of in these programs, the software program shops authentication tokens in plain textual content recordsdata with none kind of extra safety, creating room for information theft if criminals have entry to the machines.

In an surroundings the place virtualization and distant entry are gaining momentum, the assault floor is giant. According to researcher Connor Peeples of cybersecurity firm Vectra, all it takes is native entry to the pc the place Microsoft Teams is put in and also you’re signed in for the tokens to be stolen and used to entry victims’ accounts.

The breach report explains the appliance’s use of the Electron engine, which by default doesn’t use encryption or safety measures, relying on future improvement to take action. This wouldn’t be the case with Teams, confirming Vectra’s steerage that the platform is unsafe for constructing purposes that take care of delicate and delicate data, even whether it is a common software program improvement instrument.

Examples of susceptible tokens within the Microsoft Teams folder for Windows, Linux, and macOS that led to an exploit that could extract information remotely through chat (Image: replica/Vectra)

More particularly, the audit tokens have been discovered within the system folder together with different logs of lively classes linked to the Outlook and Skype APIs. After that, specialists have been capable of develop an exploit that causes calls to such programs to return information within the Teams chat window itself, additional increasing the scope of the hack.

The Microsoft Teams bug was found final month

According to Vectra, the invention was found in August 2022 and reported to Microsoft. However, the corporate wouldn’t settle for the seriousness of the issue and wouldn’t listing it for an replace, because the openness stays a threat for customers, particularly now that its particulars have been printed.

In an official assertion, the corporate thanked the digital safety researcher, however performed down the scope of the exploit, saying that for it to be potential, an attacker must use different strategies to achieve entry to customers’ units. Microsoft didn’t deny that the issue could be mounted in future patches, however it defined that the hack didn’t meet the standards for receiving a focused replace.

To mitigate the problem, it is strongly recommended that you employ the browser model of Teams that doesn’t retailer authentication tokens in plain textual content. In the case of Linux specifically, the recommendation is to search for one other collaboration instrument, as Microsoft will finish help for this system on the finish of this 12 months. Monitoring guidelines will also be used to detect entry to system folders that include susceptible recordsdata.

Source: Vectra, Bleeping Computer

Leave a Comment

Your email address will not be published.