16 Sep. (Portaltic/EP) –
The PC application of Microsoft Teams stores authentication tokens in clear text (‘cleartext’), a vulnerability that would give a potential attacker access not only to an account of this video conferencing service, but also to other associated applications.
The vulnerability opens the way for an attacker to access user login credentials of Teams that have logged in, as pointed out by Vectra, the cybersecurity company that detected this problem in August.
Specifically, it has been detected in the Teams desktop client, for Windows, Mac and Linux systems. Authentication tokens are stored in clear textthat is, text that has not been encrypted and its reading does not require elevation of permissions or advanced ‘malware’.
“Anyone who installs and uses the Microsoft Teams client in this state stores the credentials necessary to perform any action possible through the Teams user interface, even when Teams is turned off,” they note. on the official Vectra blog.
An attacker who has obtained the credentials can, in addition to impersonate the user’s identity during an online meeting, modify files in applications such as SharePoint, Outlook mail and calendars, and Teams chat files. It could also act against accounts that have multi-factor authentication activated.
From Microsoft they have confirmed to this company that although they are aware of the problem, its resolution is not urgent. On the contrary, from Vectra they recommend avoiding the desktop client and opt for the web versionwhich they say is “more robust”.
Add Comment