Researchers at Vectra have identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in. Attackers do not require elevated permissions to read these files, which exposes this concern to any attack that provides malicious actors with local or remote system access. Additionally, this vulnerability was determined to impact all commercial and GCC Desktop Teams clients for Windows, Mac, and Linux. Microsoft Teams is an Electron-based app. Electron works by creating a web application that runs through a customised browser. This is very convenient and makes development quick and easy. However, running a web browser within the context of an application requires traditional browser data like cookies, session strings, and logs. This is where issues around this vulnerability lie.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
