Authentication Token Vulnerability with Microsoft Teams | Intel 471 Skip to content

Authentication Token Vulnerability with Microsoft Teams

Sep 27, 2022
Homepage Hero

OVERVIEW

In mid-September 2022, security researchers at Vectra released information a post-exploitation vulnerability affecting the Microsoft Teams collaboration platform. The vulnerability allows "… malicious actors with sufficient local or remote file system access to steal valid user credentials from Microsoft Teams due to their plaintext storage on disk." While Microsoft was notified of the vulnerability, it has indicated that it does not intend to remediate the issue.

Due to the prevalent nature of Microsoft Teams, and the potential impact to the broader community, Cyborg Security has developed exclusive hunt packages to detect the most common behaviors exhibited by the exploitation of the vulnerability. This behavioral content is freely available for Community members of Cyborg Security's HUNTER Platform!