Microsoft Teams Under Hot Water for Security Flaws

We keep on hearing news about the security flaws associated with Microsoft Teams App, The app has always remained in multiple controversies, unlike many other competitors’ apps. Just like last year, when the Android app was considered responsible for breaking the ability to place 911 calls on the device. This time Team is once again in hot water for an even worse issue. A Cyber security research firm from California has uncovered a horrible flaw in Teams desktop version, where authentication tokens are stored in plain text due to which it gets vulnerable to third-party attacks.

Due to this issue, the Desktop app is affected since it is based on the company’s Electron framework, which also runs on Windows, macOS, and Linux machines. According to the company which revealed about this security flaw, these credentials can be stolen by an attacker who easily accesses the local or remote systems.

While the company knows about this flaw, it has not said anything and also does not seems to be much worried about fixing it.

While telling about this vulnerability and security flaws, Vectra stated:

“Even more damaging, attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks. This particular vulnerability only exists on the desktop version of Teams due to a lack of additional security controls to protect cookie data.”

Other than this, Vector has also developed a proof to make us understand the overall concepts detailing by allowing researchers to send a message to the account of the individual whose access token was compromised.