
Sending a GIF was enough to hack any Teams user

Zoom is not the only communication service with security issues. Microsoft Teams also suffered from a particularly serious flaw. Discovered by Omer Tsarfati, a security researcher at CyberArk, the vulnerability allowed access to any user account and copying of all of its messages.

The flaw lay partly in poor handling of the access tokens used for images, and partly in the existence of misconfigured Microsoft subdomains that could be taken over. By combining the two, an attacker only had to host an image on one of these subdomains (a funny GIF, for example) and send it to a Teams user. When the user viewed the image, their access tokens were delivered to the attacker's servers without the user noticing anything. With these tokens, the attacker could then access all of the victim's Teams content and impersonate the victim.

CyberArk alerted Microsoft on March 23. The vendor corrected the configuration of the vulnerable subdomains the same day. Patches were subsequently applied to the Teams service as well.
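The scoping problem described above can be checked in an audit. The following is an added example, not code from CyberArk or Microsoft: it applies the RFC 6265 domain-matching rule to show which hosts in an inventory receive an image token when a browser fetches an image from them. It assumes the token travels as a cookie scoped to a parent domain, which the article does not specify; the `example.com` hostnames, cookie names and function names are all constructed.

```javascript
// Added example. Hostnames and cookie names are constructed; the token is
// ASSUMED to be a cookie, which the article itself does not state.

// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // Suffix match only on a label boundary, and never for IP literals.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + cookieDomain);
}

// Model a stored cookie. No Domain attribute means a host-only cookie.
function makeCookie(name, setByHost, domainAttr) {
  if (domainAttr) {
    const d = domainAttr.replace(/^\./, '');
    // A host may only set a cookie for itself or one of its parent domains.
    if (!domainMatch(setByHost, d)) throw new Error('rejected: foreign Domain');
    return { name, domain: d, hostOnly: false };
  }
  return { name, domain: setByHost.toLowerCase(), hostOnly: true };
}

// Would the browser attach this cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Audit: for each token, list every inventoried host that would receive it.
function exposure(cookies, hosts) {
  const out = {};
  for (const c of cookies) out[c.name] = hosts.filter(h => isSentTo(c, h));
  return out;
}

// Constructed inventory: one forgotten subdomain, one look-alike sibling.
const hosts = ['chat.example.com', 'img.chat.example.com',
               'old-promo.chat.example.com', 'notchat.example.com'];
const wide = makeCookie('imgtoken_wide', 'chat.example.com', '.chat.example.com');
const narrow = makeCookie('imgtoken_hostonly', 'img.chat.example.com', null);
const report = exposure([wide, narrow], hosts);
console.log(report);
```

The wide token reaches every subdomain, including the forgotten `old-promo` host, so whoever controls that host's content receives it; the host-only token is sent to the image host alone.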
