Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    SHIFT HR Compliance Training: Pioneering the Future of Workplace Culture and Compliance

    July 10, 2025

    Edensoft: Pioneering AI and Cloud Solutions for A Smarter Future

    July 10, 2025

    The Heart and Strategy Behind Altasciences’ Marketing Evolution

    July 3, 2025
    Facebook X (Twitter) Instagram LinkedIn
    • About Us
    • Press Release
    Saturday, July 12
    Facebook X (Twitter) LinkedIn Instagram
    Business Leaders Review: Best Business Magazine and News OnlineBusiness Leaders Review: Best Business Magazine and News Online
    • Home
    • Magazines
    • Featured Leaders
    • Technology
      • Big Data
      • Artificial Intelligence
      • Robotics
      • Cloud
      • Cyber Security
      • Storage
      • IoT
      • Blockchain
      • Data Analytics
    • Industry
      • Banking & Finance
      • Construction
      • Digital Marketing
      • Economy
      • Education
      • EV Industry
      • Food & Beverage
      • Healthcare
      • Legal
      • Manufacturing
      • Mining & Metals
      • Pharmaceutical
    • Testimonials
    • Latest News
    • Blogs
    • Awards
    • Our Clients
    Business Leaders Review: Best Business Magazine and News OnlineBusiness Leaders Review: Best Business Magazine and News Online
    Home » Microsoft Teams has been storing authentication tokens in plaintext
    Latest News

    Microsoft Teams has been storing authentication tokens in plaintext

    By Business Leaders ReviewSeptember 22, 2022

    Microsoft Teams stores authentication tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization, according to the security firm Vectra. The flaw affects the desktop app for Windows, Mac and Linux built using Microsoft’s Electron framework. Microsoft is aware of the issue but said it has no plans for a fix anytime soon, since an exploit would also require network access.

    Microsoft Teams authentication storage

    According to Vectra, a hacker with local or remote system access could steal the credentials for any Teams user currently online, then impersonate them even when they’re offline. They could also pretend to be the user through apps associated with Teams, like Skype or Outlook, while bypassing the multifactor authentication (MFA) usually required.

    “This enables attackers to modify SharePoint files, Outlook mail and calendars, and Teams chat files,” Vectra security architect Connor Peoples wrote. “Even more damaging, attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks.” Attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks.

    Vectra created a proof-of-concept exploit that allowed them to send a message to the account of the credential holder via an access token. “Assuming full control of critical seats–like a company’s Head of Engineering, CEO, or CFO — attackers can convince users to perform tasks damaging to the organization.”

    The problem is mainly limited to the desktop app, because the Electron framework (that essentially creates a web app port) has “no additional security controls to protect cookie data,” unlike modern web browsers. As such, Vectra recommends not using the desktop app until a patch is created, and using the web application instead.

    When informed by cybersecurity news site Dark Reading of the vulnerability, Microsoft said it “does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network,” adding that it would consider addressing it in a future product release.

    However, threat hunter John Bambenek told Dark Reading it could provide a secondary means for “lateral movement” in the event of a network breach. He also noted that Microsoft is moving toward Progressive Web Apps that “would mitigate many of the concerns currently brought by Electron.”

    Related Posts

    Heatwaves Threaten Data Centre Cooling: Aggreko Urges Proactive Planning

    July 3, 2025

    Meta Bets $14 Billion on AI Superintelligence and Global Talent Hunt

    June 27, 2025

    Meta Unveils V-JEPA 2 AI Breakthrough to Help Robots Understand the Physical World

    June 13, 2025

    Mercedes G580 Electric G-Wagen Struggles to Find Buyers

    June 3, 2025

    MIT’s New Tool “SeaSplat” Reveals True Colors of the Ocean in 3D

    May 23, 2025

    GLP-1 and Weight-Loss Drugs May Curb Alcohol Cravings, Study Finds

    May 14, 2025
    Top Posts

    Heatwaves Threaten Data Centre Cooling: Aggreko Urges Proactive Planning

    July 3, 2025

    Meta Bets $14 Billion on AI Superintelligence and Global Talent Hunt

    June 27, 2025

    Meta Unveils V-JEPA 2 AI Breakthrough to Help Robots Understand the Physical World

    June 13, 2025
    Don't Miss

    SHIFT HR Compliance Training: Pioneering the Future of Workplace Culture and Compliance

    July 10, 2025

    In the fast-moving world of HR compliance, where evolving regulations and shifting workplace dynamics constantly…

    Edensoft: Pioneering AI and Cloud Solutions for A Smarter Future

    July 10, 2025

    The Heart and Strategy Behind Altasciences’ Marketing Evolution

    July 3, 2025

    Brewing Purpose: How Lori Jones and Black•ology Coffee Are Blending Culture, Confidence, and Community

    July 3, 2025
    Stay In Touch
    • Facebook
    • Twitter
    • Instagram
    • LinkedIn
    About Us
    About Us

    Business Leaders Review is a global print and digital monthly and yearly magazine, which provides a platform to showcase business/tech leaders and their company’s profile from various sectors. Our aim is to publish the c-suite leaders stories.

    We are helping the leaders & readers to showcase their ideas and innovations to the business and tech world in this current market situation along with their awards and achievements. Doing so we hope to leverage thousands of businesses and personnel around the globe.

    Most Popular

    Heatwaves Threaten Data Centre Cooling: Aggreko Urges Proactive Planning

    Meta Bets $14 Billion on AI Superintelligence and Global Talent Hunt

    Meta Unveils V-JEPA 2 AI Breakthrough to Help Robots Understand the Physical World

    Latest Magazines
    Facebook X (Twitter) LinkedIn Instagram
    • Home
    • Our Clients
    • TECHNLOGY NEWS
    • Industry News
    • Contact Us
    • Privacy Policy
    • Reprints and Permissions
    © 2025 Business Leaders Review LLC | All Rights Reserved | Empowering Communication Globally

    Type above and press Enter to search. Press Esc to cancel.