Undermining Microsoft Teams Security By Mining Tokens

By   ISBuzz Team
Writer , Information Security Buzz | Sep 15, 2022 05:43 am PST

Researchers at Vectra have identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in. Attackers do not require elevated permissions to read these files, which exposes this concern to any attack that provides malicious actors with local or remote system access. Additionally, this vulnerability was determined to impact all commercial and GCC Desktop Teams clients for Windows, Mac, and Linux. Microsoft Teams is an Electron-based app. Electron works by creating a web application that runs through a customised browser. This is very convenient and makes development quick and easy. However, running a web browser within the context of an application requires traditional browser data like cookies, session strings, and logs. This is where issues around this vulnerability lie.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Sammy Migues
Sammy Migues , Principal Scientist
September 15, 2022 1:43 pm

Like every application framework, Electron has its own idiosyncrasies related to authentication, secure file storage, communications, and so on. Development teams use frameworks for the same reason they use lots of other open source—it makes their jobs easier and faster. And that’s great. On the other hand, even security-aware teams might not understand what’s really going on in the depths of the framework they’re using. In this case, it appears that Electron might be saving some sensitive data in an insecure way. Note that Electron is no stranger to security issues. Last month saw another bug in Electron that could cause issues in apps from Microsoft, Discord, BaseCamp, and others. There was also a bug last year. As more people investigate Electron, there will almost certainly be more issues uncovered.

Last edited 1 year ago by Sammy Migues

Recent Posts

Would love your thoughts, please comment.x