The issue affects users of the desktop versions of the program on various operating systems. All information about this error
Microsoft Teams, the collaboration and communication platform for work teams, presented a bug that compromises the security of thousands of users around the planet.
As reported by the cybersecurity company vector, the flaw is that Teams can store users’ “authentication tokens,” leaving people vulnerable to potential security threats from hackers.
The company acknowledged that the problem was discovered in August 2022, but that does not affect web versions of the programbut to the desktop ones in the operating systems of Windows, LinuxY Mac.
Microsoft Teams: this is the fault found
The security company’s report also indicates that in order to execute an attack on a person who has the authentication tokens stored in Microsoft Teams, the cybercriminal needs to have local access to the system where it was installed.
That is, you have to connect to the same network of the desktop or laptop computer on which the platform is used or, otherwise, you could enter through a phishing strategy.
Once the cybercriminal has access to the local networkyou can remotely access the devices you want, use the authentication tokens, and log in to the accounts of any worker within an organization.
A bug was detected in Microsoft Teams
For Connor Peoplescybersecurity company researcher, this is the biggest risk regarding failure.
“By taking control of a company’s critical user accounts, the attacker can convince other users to perform tasks that may be detrimental to the organization,” it said.
Microsoft Teams: the source of the problem
According to the Bleeping Computer website, the origin of Microsoft’s problem is that it is an application created using Electron, a platform that allows the generation of desktop applications that work across different platforms.
This capability, while useful in principle, works similarly to a web page: it stores cookies and logins just like any other website would.
This functionality harms the security of any other application that does not invest resources in improving those aspects.
In its report, the company indicated that in addition to being able to find stored information about Microsoft Teams authentication tokens, they were also able to find data related to logins in Outlook and Skype.
Microsoft Teams was created in 2017
Microsoft Teams: ways to mitigate risk
The recommendation issued by the cybersecurity company is that people change the platform of use of Microsoft Teams and move from the desktop application to the web version.
For Linux OS usersthese will have to change to a work platform distinct collaborativeas Microsoft will be removing the Teams app from the system starting in December.