This is going to be fun for bypassing MFA

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs https://t.co/VbB1g04kqp

— rootsecdev (@rootsecdev) September 14, 2022

Microsoft: Unsafe At Any Speed.

Microsoft Teams Stores Auth Tokens As Cleartext On Windows, Linux, Macs.

"Microsoft did not agree on the severity of the issue and said that it doesn't meet the criteria for patching. "https://t.co/pVqBQ87BMz

— ★ ꜱᴛᴇᴇʟʏ ★ ᴅᴜʀᴀɴ ★ (@AWaxwire) September 15, 2022

Red team feature https://t.co/xrG9q08RJN

— Justin Elze (@HackingLZ) September 14, 2022

Electron and Microsoft - a team made in heaven ...

"Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs"https://t.co/PG8wP9D1Gh

— Martin Leyrer (@leyrer) September 14, 2022

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs https://t.co/aZKrS3sJqs

— Sami Laiho (@samilaiho) September 14, 2022

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macshttps://t.co/QkZ6jDnMyT

— The New Oil (@thenewoil1) September 15, 2022

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs https://t.co/ACfYIZmpsv https://t.co/xmF7aGnPfl

— nixCraft (@nixcraft) September 15, 2022

Whoops.https://t.co/S8bT0dsN1t

— dotnetcore.show (@dotNetCoreShow) September 15, 2022

「このタイプのマルウェアを使用すると、攻撃者は Microsoft Teams の認証トークンを盗み、リモートでユーザーとしてログインし、MFA をバイパスしてアカウントへのフル アクセスを取得できます。」https://t.co/Kx7xxTwR35

— 三輪信雄 (@NobMiwa) September 14, 2022

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs https://t.co/PF7qfvblv1

— Nicolas Krassas (@Dinosn) September 14, 2022

Microsoft Sees No Need to Fix New Teams Vulnerability https://t.co/RMUTt1mo5N pic.twitter.com/tvyYIV0kbd

— Thurrott Feed (@Thurrottfeed) September 17, 2022

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched https://t.co/4soydgDwKU

— The Cyber Security Hub™ (@TheCyberSecHub) September 15, 2022

Microsoft Teams vulnerability shows danger of collaboration apps https://t.co/dL95QblTjx #Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware pic.twitter.com/dYrsXxnNNb

— Rich Tehrani (@rtehrani) September 17, 2022

MS Teams vulnerability shows danger of collaboration apps

Teams has over 270 million monthly active users [up from 75 million in April 2020]
While collaboration tools are convenient their widespread use has opened the door to some serious vulnerabilitieshttps://t.co/2YjEVHnRr0 pic.twitter.com/paoNfEVuMb

— Wilko S. Wolters 🇩🇪🇪🇺 (@WSWMUC) September 16, 2022

Microsoft Teams vulnerability shows danger of collaboration apps https://t.co/741tnVm0q3 via @VentureBeat cc @tk1ng @archonsec @Transform_Sec @Corix_JC @globaliqx @segundoatdell @enricomolinari @labordeolivier @Nicochan33 @IanLJones98 @tlloydjones @FranckOhrel @jeancayeux

— Tobias Kintzel (@tobiaskintzel) September 16, 2022

Microsoft Teams has been storing authentication tokens in plaintext https://t.co/f3IbyZjzMl

— stevegreenberg (@stevegreenberg) September 17, 2022

Seems like another good reason to use optimized #Microsoft Teams with #Citrix for improved security https://t.co/9HgSyT3sWV

— Allen Furmanski (@TekGuyAllen) September 16, 2022

Reason number 10²³ why I don't like using M$ Teams.https://t.co/VmX2zjvO1t

— Jacopo Bertolotti (@j_bertolotti) September 16, 2022

Stop using Teams.https://t.co/tTiRneemEj

— bsletten (@bsletten) September 16, 2022

Interesting summary of a Teams vulnerability: "Electron does not support encryption or protected file locations by default [..], it is not considered secure enough for developing mission-critical products..." https://t.co/Kd24mUQnhl

— MarcoCantu (@marcocantu) September 16, 2022

HAHAHAHAHA OK I shouldn't laugh but we're required to use MS products at work because they're "secure" and HAHAHAHAHAHAAAAAAAhttps://t.co/8kQWugwMkV

— Kalera Stratton (@nisslbodies) September 16, 2022

Really, #Teams. Really.

.....We're not angry, Teams.
We're just disappointed.https://t.co/3qpGqv7kQs

— wallofsheep (@wallofsheep) September 15, 2022

📍 #Microsoft #Teams stores auth tokens as cleartext in Windows, Linux, Macs https://t.co/wYFhI31tv2

— Dr. ir Johannes Drooghaag (JD) #BYOC! 🕊 (@DrJDrooghaag) September 15, 2022

Teamsのクライアントアプリが認証トークンを平文でローカルに保存しており、それを盗むことでMFAをバイパス可能とのこと…
パッチがリリースされる可能性が低いためブラウザ版の使用を推奨してる…
これを利用するフイッシング流行ったらやばそうhttps://t.co/cSElMfZtXO

— hara_power (@hara_power) September 15, 2022

Microsoft Teams has been storing authentication tokens in plaintext https://t.co/vzHAPFBEck #Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware pic.twitter.com/ys71JIfeUH

— Rich Tehrani (@rtehrani) September 18, 2022