Microsoft Teams security flaw lets hackers steal accounts - and there s no fix in sight TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Microsoft Teams security flaw lets hackers steal accounts - and there s no fix in sight By Sead Fadilpašić published 15 September 2022 There's an easy way to steal Microsoft Teams authentication tokens, researchers claim (Image credit: Microsoft) Audio player loading… There is a security flaw in Microsoft Teams that allows threat actors to log into other people's accounts, even if those accounts are protected with multi-factor authentication, researchers have claimed. Cybersecurity analysts from Vectra say the Teams desktop application for Windows, Linux, and Mac, stores user authentication tokens in cleartext, without any locks guarding the access. Anyone with local access to a system with Teams installed can steal these tokens and use them to log into the accounts. "This attack does not require special permissions or advanced malware to get away with major internal damage," Vectra's Connor Peoples said - Microsoft, on the other hand, says the whole deal is blown out of proportion and it is not interested in addressing the issue at this time. Active tokens The problem lies in the fact that Microsoft Teams is an Electron app, running in a browser windows. As Electron does not come with support for encryption, or protected file locations by default, it is somewhat easier to use, but also risky on the data protection side of things. Deeper analysis uncovered that the tokens were not stored in error, or as part of a previous data dump. "Upon review, it was determined that these access tokens were active and not an accidental dump of a previous error. These access tokens gave us access to the Outlook and Skype APIs," Vectra explained. What's more, the "cookies" folder also held tokens, account information, session data, and other valuable information. But Microsoft played the whole thing down, saying it isn't that severe and that it doesn't meet the criteria for patching. In a statement sent to BleepingComputer, Microsoft said "The technique described does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network. We appreciate Vectra Protect's partnership in identifying and responsibly disclosing this issue and will consider addressing in a future product release."Read more> This brutal hacking tool could steal virtually all of your logins (opens in new tab) > Best authenticator apps today: add an extra layer of online security > These are the best VoIP headsets right now (opens in new tab) Vectra, on the other hand, disagrees, and to prove its point, it developed an exploit that abuses an API call, allowing a user to send messages to themselves. By reading the cookies database through SQLite engine, the exploit was able to receive the authentication tokens in a message. If you're worried about your business (opens in new tab) having its tokens snatched, you should switch to the browser version of the Teams client, Vectra suggests. Linux users should migrate to a different collaboration (opens in new tab) platform, as well. These are the best VoIP (opens in new tab) solutions right now Via: BleepingComputer (opens in new tab) Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1You may not have to sell a body part to afford the Nvidia RTX 4090 after all2My days as a helpful meat shield are over, thanks to the Killer Klown horror game3I tried the weirdest-looking Bluetooth speaker in the world, and I utterly adore it4It looks like Fallout's spiritual successor is getting a PS5 remaster5One of the world's most popular programming languages is coming to Linux1We finally know what 'Wi-Fi' stands for - and it's not what you think2Best laptops for designers and coders 3Miofive 4K Dash Cam review4Logitech's latest webcam and headset want to relieve your work day frustrations5Best offers on Laptops for Education – this festive season Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)