
“Microsoft Teams is insecure, contains vulnerability”

Security researchers have discovered a vulnerability in the Microsoft Teams desktop app: authentication tokens are stored as plain text. Attackers can abuse this to impersonate the victim. Microsoft reassures users.

Microsoft Teams Vulnerability

US researchers at the cybersecurity company Vectra have discovered a problem in the popular communication app Microsoft Teams. In the apps for Windows, macOS, and Linux, authentication tokens are stored as plain text, so they are relatively easy for hackers to access.

This vulnerability poses a number of risks. Someone who has physical or remote access to your PC can log in with your account, and they can also access Outlook and Skype if two-step verification is first turned off. Malicious parties could therefore misuse your identity on Microsoft Teams, possibly to obtain other data through phishing, and so gain access to sensitive data to which they are not entitled.

“No intervention required”

Vectra claims that the security in the desktop apps is too simplistic, and it notified Microsoft of the issue. Microsoft is not alarmed in the least. It told the Dark Reading news site that “no immediate action is required, as malicious parties must first gain access to the affected network”. However, Microsoft may roll out a patch in the future.

More recent versions of Microsoft Teams do have encrypted storage built in, but older versions are still commonly in use on PCs. It is therefore wise to check whether you are using the latest version of the app on your computer.
