According to analysts at cybersecurity firm Vectra, there is a huge vulnerability within Microsoft Teams, and countless users could be affected if attackers exploit it.
The program has a flaw that allows attackers to steal users’ credentials and log into their accounts. Unfortunately, Microsoft has no plans to patch this at this time, so read on to make sure you stay protected from this unexpected Microsoft Teams issue.
This flaw, first discovered in August 2022, is quite serious, but also not that easy to execute. It applies to desktop versions of the Microsoft Teams software (not the browser version) and affects users on Windows, Linux, and Mac.
It all comes down to the way Teams stores user authentication tokens – in plain text, without any additional protection. That would be disastrous were it not for one key factor: an attacker must have local access to the system where Microsoft Teams is installed.
Assuming an attacker has local access to the network, they can steal the authentication tokens and log into the victim’s account.
Connor Peoples, a Vectra researcher, said the threat runs deeper than just one account being compromised; it allows the attacker to hijack accounts that could potentially disrupt the operations of an entire organization.
“[Taking] control over critical places — such as a company’s chief of engineering, CEO, or CFO — attackers can persuade users to perform tasks that are harmful to the organization,” Peoples said in the report.
How does this all work? Bleeping Computer explained it in more detail, but the short story is that Microsoft Teams is an Electron app and comes with all the elements needed for a normal web page, such as cookies and session strings. Electron does not support file encryption or setting secure locations, therefore user credentials are not protected as they should be.
During its research, Vectra found a file containing user access tokens in plaintext. “When checked, it was determined that these access tokens were active and not an inadvertent dump of a previous error. These access tokens gave us access to the Outlook and Skype APIs,” the company’s report said.
Further investigation found even more data, including valid authentication tokens and account details. Vectra also found a way to exploit the app and could receive the tokens in its own chat window.
It is concerning that this vulnerability currently exists, but Microsoft does not consider it a threat large enough to prioritize patching it. A Microsoft spokesperson told Bleeping Computer, “The technique described does not meet our immediate maintenance bar because an attacker must first gain access to a target network. We appreciate Vectra Protect’s collaboration in identifying and responsibly disclosing this issue and will consider addressing this in a future product release.”
Meanwhile, if you’re concerned about the security of your Teams account, it’s a good idea to switch to the browser version of Teams instead of the desktop client. However, Linux users are advised to simply switch to another app, especially as Microsoft plans to end support for the Linux version of Teams by the end of this year.