Image Credit: monticello / shutterstock

# Microsoft Teams Is Storing Authentication Tokens in Cleartext

A security loophole has been uncovered in Microsoft Teams. A report by security firm Vectra reveals that Microsoft Teams is storing authentication tokens in plain text.

## Microsoft Teams Security Issue
The vulnerability affects the desktop versions of Teams for Windows, macOS, and Linux. Threat actors with physical or remote access to a victim’s system can retrieve user credentials without needing administrator privileges. Hackers can bypass 2-factor authentication and access other linked apps like Skype and Outlook. This could lead to impersonation, data manipulation, or targeted phishing attacks.

## How the Vulnerability was Discovered
Vectra’s researchers were helping a client delete old accounts from Microsoft Teams. Because the app doesn’t offer this feature, they looked for another way and found files containing authentication tokens stored in plain text. They then created a test to demonstrate how easy it is to access user accounts using these tokens.

The Electron framework, which Teams is built on, is highlighted as part of the issue because it lacks standard security protocols. Similar vulnerabilities have been identified in other Electron-based apps such as WhatsApp and Slack. Developers using Electron are advised to store authentication tokens securely, for example by using OAuth with KeyTar.

## Microsoft’s Response
Microsoft has acknowledged the vulnerability but has decided not to patch it right away. They claim that for the bug to be exploited, an attacker needs to breach the target network first. Therefore, they believe most users are not at immediate risk unless their network is already compromised.

Vectra Security recommends avoiding the Microsoft Teams desktop app until the vulnerability is fixed and suggests using the web browser version instead.
