Microsoft Teams has been storing authentication tokens in plaintext | Engadget

Microsoft Teams stores authentication tokens on disk in unencrypted plaintext, potentially allowing attackers to control communications within an organization, according to the security firm Vectra. The flaw affects the desktop app for Windows, Mac and Linux, which is built on Microsoft’s Electron framework. Microsoft is aware of the issue but said it has no plans for a fix anytime soon, since exploiting it would also require an attacker to already have access to the target network or machine.

According to Vectra, an attacker with local or remote access to a system could steal the tokens of any Teams user currently signed in, then impersonate that user even after they go offline, for as long as the stolen tokens remain valid. They could also pose as the user through apps connected to Teams, such as Skype or Outlook, while bypassing the multifactor authentication (MFA) that would normally be required, because the token is the product of an MFA challenge that has already been passed.

“This enables attackers to modify SharePoint files, Outlook mail and calendars, and Teams chat files,” Vectra safety architect Connor Peoples wrote. “Even more damaging, attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks.”


Vectra created a proof-of-concept exploit that used a stolen access token to send a message to the credential holder’s own account. “Assuming full control of critical seats — like a company’s Head of Engineering, CEO, or CFO — attackers can convince users to perform tasks damaging to the organization.”

The problem is largely limited to the desktop app, because the Electron framework (which essentially packages a web app as a desktop application) has “no additional security controls to protect cookie data,” unlike modern web browsers. As such, Vectra recommends not using the desktop app until a patch is available, and using the web application in a browser instead.
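The two findings above (tokens recoverable from the desktop app’s on-disk storage, and stolen tokens staying usable after the user goes offline) are the kind of thing an incident responder would want to check for on their own hosts. The script below is an added example written for this page, not Vectra’s proof of concept or any Microsoft code: it sweeps a directory for JWT-shaped bearer tokens, decodes their claims without verifying signatures, and reports which ones are still within their validity window. Every file name, path, audience, subject and token in it is constructed for the demo; the real Teams storage layout, cookie names and token formats are not taken from this article and would have to be confirmed on a live install.

```python
"""Hunt for JWT-shaped bearer tokens sitting unencrypted in an Electron-style
profile directory. Added example for this article, not Vectra's or Microsoft's
code. File names, paths and token contents below are constructed for the demo."""
import base64
import json
import re
import tempfile
from pathlib import Path

# A JWT is three base64url segments separated by dots. A JSON object
# base64-encodes to a leading "eyJ", so header and claims both start that way.
JWT_RE = re.compile(rb"eyJ[A-Za-z0-9_-]{8,}\.eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")

# Fixed "now" (2023-11-14T22:13:20Z) so the demo is reproducible; a real
# sweep would use int(time.time()).
NOW = 1_700_000_000


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def parse_jwt_unverified(token: str):
    """Decode header and claims WITHOUT checking the signature. This is triage:
    it tells you what a stolen token would grant, not whether it is genuine."""
    try:
        header_b64, claims_b64, _signature = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
    except (ValueError, UnicodeDecodeError):  # bad base64, bad JSON, wrong shape
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    return {"header": header, "claims": claims}


def is_still_valid(claims: dict, now: int) -> bool:
    """A token past its exp is useless to a thief; one with time left is the
    'impersonate them even after they are offline' case from the article."""
    exp = claims.get("exp")
    return isinstance(exp, int) and exp > now


def scan_file(path: Path) -> list:
    """Return every decodable JWT in a file, with its byte offset and key claims."""
    findings = []
    for match in JWT_RE.finditer(path.read_bytes()):
        parsed = parse_jwt_unverified(match.group(0).decode("ascii"))
        if parsed is None:
            continue
        claims = parsed["claims"]
        findings.append({
            "file": path.name,
            "offset": match.start(),
            "aud": claims.get("aud"),
            "sub": claims.get("sub"),
            "exp": claims.get("exp"),
            "usable": is_still_valid(claims, NOW),
        })
    return findings


def scan_dir(root: Path) -> list:
    """Recursively scan every regular file under root (binary-safe)."""
    return [f for p in sorted(root.rglob("*")) if p.is_file() for f in scan_file(p)]


def make_demo_token(claims: dict) -> str:
    """Constructed, unsigned ("alg": "none") token for the sample data only."""
    header = {"alg": "none", "typ": "JWT"}
    return f"{_b64url_encode(header)}.{_b64url_encode(claims)}.{_b64url_encode({'sig': 'demo'})}"


def build_sample_store(root: Path) -> None:
    """Write two constructed files imitating an Electron profile: a LevelDB-style
    log with binary framing around a live token, and a cookie DB with an expired one.
    Names are illustrative assumptions, not the real Teams layout."""
    live = make_demo_token({"aud": "demo-chat-api", "sub": "alice@example.invalid",
                            "iat": NOW - 600, "exp": NOW + 3000})
    stale = make_demo_token({"aud": "demo-chat-api", "sub": "bob@example.invalid",
                             "iat": NOW - 90000, "exp": NOW - 3600})
    leveldb = root / "Local Storage" / "leveldb"
    leveldb.mkdir(parents=True)
    (leveldb / "000003.log").write_bytes(
        b"\x00\x01\x00\x00\x00\x01\x0f_https://demo.invalid\x00\x01auth_token\x01\x00"
        + live.encode() + b"\x00\x00\xff\x00junk")
    (root / "Cookies").write_bytes(
        b"SQLite format 3\x00" + b"\x00" * 40 + b"session_token=" + stale.encode() + b"\x00")


def demo() -> list:
    """Build the constructed store in a temp dir, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_store(root)
        return scan_dir(root)


if __name__ == "__main__":
    for f in demo():
        state = "USABLE" if f["usable"] else "expired"
        print(f"{f['file']}@{f['offset']}: sub={f['sub']} aud={f['aud']} exp={f['exp']} [{state}]")
```

Point it at a copy of a real profile directory rather than the live one, so the scan cannot alter timestamps the investigation depends on, and treat any “USABLE” hit as a credential exposure: revoking the session server-side is the only fix, since the token stays valid whether or not the user is still logged in.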

When informed of the vulnerability by the cybersecurity news site Dark Reading, Microsoft said it “does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network,” adding that it would consider addressing it in a future product release.

However, threat hunter John Bambenek told Dark Reading that it could provide a secondary means of “lateral movement” in the event of a network breach. He also noted that Microsoft is moving toward Progressive Web Apps, which “would mitigate many of the concerns currently brought by Electron.”
