Date: 2022-09-18

Vectra, a security firm, has found a major flaw in Microsoft Teams that could affect a large number of users if hackers manage to exploit it. Because of the weakness, hackers could access user accounts and change their passwords.

This vulnerability, which wasn't identified until August of 2022, is very serious yet difficult to exploit. It affects users of the desktop versions of Microsoft Teams on Windows, Linux, and Mac (but not the browser version).

The cause is how Teams saves user authentication tokens: in plain text, without any encryption. That could have catastrophic results were it not for one crucial requirement: the attacker must have physical access to the machine running Microsoft Teams.

An attacker who has physical access to the network could gain access to a victim's account by stealing authentication tokens.

According to Vectra analyst Connor Peoples, the danger extends well beyond the theft of a single account, as it gives the intruder access to other accounts that might affect the whole business.

“[Taking] control of critical seats — like a company’s Head of Engineering, CEO, or CFO — attackers can convince users to perform tasks damaging to the organization,” Peoples said in the report.

Although the existence of this vulnerability is cause for worry, Microsoft does not see it as a major enough security risk to warrant a high-priority repair. Microsoft told Bleeping Computer, "The approach disclosed does not satisfy our criterion for quick servicing since it needs an attacker to first acquire access to a target network. We appreciate Vectra Protect's assistance in discovering and revealing this vulnerability, and we may look into fixing it in a future version of the product."

If you're concerned about the safety of your Teams account in the interim, it's best to use the web client rather than the desktop app. Since Microsoft has announced that it will no longer support the Linux version of Teams at the end of this year, Linux users are strongly encouraged to choose an alternative program.