Microsoft confirms vulnerability in Teams, which stores tokens in plaintext


The Microsoft Teams desktop application stores tokens locally in plaintext, according to security researchers at the company Vectra. These are authentication tokens, which can be used to log into a victim's account.

Vectra writes on its website that it discovered the security risk in August and reported it to Microsoft. The security company calls it a dangerous security risk, because the obtained tokens can be used to log into an account even if that account is secured with two-step authentication. The damage can be significant, according to Vectra, especially if the tokens of a high-ranking employee within a company are stolen.

According to Microsoft, the risk is not that great, because an attacker would first have to gain access to the victim's network, a Microsoft spokesperson told Bleeping Computer. "We don't consider the technique described for an acute fix, because an attacker must first gain access to the victim's network. We appreciate that Vectra Protect has identified this and reported it responsibly. We will consider this for a future product release." Until Microsoft comes up with a solution, Vectra recommends using the browser version of Microsoft Teams. According to the company, the browser version protects better against leakage of the tokens.
