A major new vulnerability in Microsoft Teams was identified by security researchers from Vectra Protect, but Microsoft has said it sees no need for an immediate fix.
“Our research discovered that the Microsoft Teams App stores authentication tokens in cleartext,” Vectra Protect’s Connor Peoples explains. “With these tokens, attackers can assume the token holder’s identity for any actions possible through the Microsoft Teams client, including using that token for accessing Microsoft Graph API functions from an attacker’s system. Even worse, these stolen tokens allow attackers to conduct actions against [multi-factor authentication] MFA-enabled accounts, creating an MFA bypass.”
The vulnerability is believed to exist in the native Teams client for Linux, Mac, and Windows, which was built with Electron. Electron does not support standard browser controls such as encryption, firm notes, or system-protected file locations, so the client has no protected location in which to keep its tokens.
Microsoft said the vulnerability did not require immediate patching. “The technique described does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network,” a Microsoft statement explains. “We appreciate Vectra Protect’s partnership in identifying and responsibly disclosing this issue and will consider addressing [it] in a future product release.”