Even with multi-factor authentication activated, attackers can steal the desktop app’s login credentials.
security researchers have a security breach In desktop version popular communication software Microsoft Teams found it. as bleeding computer are reported windows, Linux And mac system influenced. At risk are accounts that have been exhausted authentication token or through multifactor authentication log in.
According to the researchers, the login data would only be stored in a database in an insecure, readable manner. If attackers were to gain local access to the network, login data could be stolen. In principle, neither special malware nor authorizations are required for this.
potential loss to companies
data one. is in “Cookies” folder Deposited. Here researchers can easily read active authentication tokens and user data and send them to themselves as text messages via teams.
With the help of malware, attackers can steal login information and then log in remotely with the data. They can also use access tokens to bypass multi-factor authentication.
“If enough systems were compromised, attackers could orchestrate communications within a company,” writes security company Vectra in a blog entry, you can come out as CEO either CFO expenses and company as by Phishing Damage.
use browser version
Microsoft already has Vectra august Explained the vulnerability. However, the group has not classified them as serious enough to be issued immediately. patch To publish. It does not meet the criteria because attackers must first gain access to the local network.
However, it’s not out that a patch will come for it, Microsoft said with Bleeping Computer. Until then, Vectra recommends that users only use Microsoft Teams browsers to use. Does it work microsoft edge, There is additional data protection here. The company recommends that Linux users switch to other software until the problem is resolved.
Freelance twitter maven. Infuriatingly humble coffee aficionado. Amateur gamer. Typical beer fan. Avid music scholar. Alcohol nerd.