September 26, 2022
Cybersecurity researchers disclosed a critical flaw in the Microsoft Teams desktop app that exposes authentication tokens. The vulnerability could let attackers assume the auth token owners’ identities and perform malicious actions through the Microsoft Teams client, even for multi-factor authentication (MFA)-enabled accounts.

The shortcoming affects Microsoft Teams desktop apps on Windows, Linux and Mac, and involves storing the authentication tokens in clear text. Threat actors could access the tokens without elevated privileges, which means the vulnerability can be exploited as part of any other local or remote system access attack.

Vectra researchers made the discovery in August while helping a customer remove a disabled Teams account. As Teams users can’t remove deactivated accounts without signing in, researchers started looking for a workaround and uncovered the vulnerability.

Microsoft Teams is a cross-platform desktop app built on the Electron framework. Like other Electron apps, Teams runs inside a browser window and, to a certain degree, functions like a web page and has similar data requirements (logs, session strings, cookies).

Electron doesn’t provide encryption or system-protected file locations by default; both need additional configuration to enable.

While helping the customer, researchers found an ldb file that held clear text authentication tokens. They also discovered a Cookies folder where data like marketing tags, session information, account information, and access tokens were stored.
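To check whether an application's local storage holds readable tokens like this, a defender can scan its data directory and count token-shaped strings per file without ever printing them. The sketch below is an added example, not code from Vectra or Microsoft; it assumes the tokens are JWT-shaped (the article does not state the token format), and the file names and sample data are constructed.

```python
import base64, json, os, re, tempfile

# Three dot-separated base64url segments; "eyJ" is base64 for '{"'.
# Assumption: tokens are JWT-shaped. The article does not state the format.
JWT_RE = re.compile(rb"eyJ[A-Za-z0-9_-]{8,}\.eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")

def _decode_segment(segment: bytes):
    """Decode one base64url segment to a dict, or None if it is not JSON."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + b"=" * (-len(segment) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def count_cleartext_jwts(data: bytes) -> int:
    """Count JWT-shaped strings whose header decodes to JSON with an "alg" field."""
    hits = 0
    for match in JWT_RE.finditer(data):
        header = _decode_segment(match.group(0).split(b".")[0])
        if header and "alg" in header:
            hits += 1
    return hits

def audit_directory(root: str) -> dict:
    """Map relative path -> number of readable tokens. Token values are never returned."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    count = count_cleartext_jwts(fh.read())
            except OSError:
                continue  # locked or unreadable file
            if count:
                findings[os.path.relpath(path, root)] = count
    return findings

def run_constructed_demo() -> dict:
    """Build a constructed storage directory (fake token, fake file names) and audit it."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=")
    fake = b".".join([enc({"alg": "none", "typ": "JWT"}), enc({"sub": "constructed-user"}), b"c2lnbmF0dXJl"])
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "000003.ldb"), "wb") as fh:
            fh.write(b"\x00\x01key\x00" + fake + b"\x00\xff")  # token embedded in binary data
        with open(os.path.join(root, "clean.log"), "wb") as fh:
            fh.write(b"eyJub3QtYS10b2tlbg without dots\n")  # looks similar, is not a token
        return audit_directory(root)

if __name__ == "__main__":
    print(run_constructed_demo())
```

A non-empty result means any process running as the same user can read those tokens, which is the condition the researchers describe.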

Using a combination of SQLite and API call abuse, security experts were able to craft an exploit that allowed them to retrieve authentication tokens in their chat window.

Microsoft was notified of the issue but disagreed on its severity and postponed a patch release to address it. Security researchers recommend you avoid using the Microsoft Teams desktop apps until a patch is released, and stick to the browser version instead.

Recently, a cybersecurity researcher discovered a potentially critical technique that could let hackers create a reverse shell through Microsoft Teams GIFs.

Specialized software solutions like Bitdefender Ultimate Security can help you fend off a wide range of cyber threats, with features like:

  • Real-time protection module that shields you against zero-day exploits, ransomware, spyware, rootkits, Trojans, viruses, and worms
  • Network threat prevention constantly scans for suspicious network-level activities and protects you against them
  • Advanced threat defense supervises ongoing apps, identifies unusual actions, and promptly blocks out malicious attempts
  • Web-filtering module that prevents you from landing on suspicious websites
