Microsoft Teams stores authentication tokens in plaintext

clock • 2 min read
About 270 million people use Teams around the world
Image:

About 270 million people use Teams around the world

But the vulnerability does not satisfy Microsoft's standards for a quick fix

Microsoft's workplace-oriented messaging app, Teams, saves authentication tokens in an unencrypted plaintext format - potentially allowing attackers to control conversations and move laterally insi...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
Encryption backdoors violate human rights, says EU court

Privacy

Implications for EU's own efforts to regulate encryption

clock 16 February 2024 • 3 min read
'You have to encrypt everything': Public sector security in the zero-trust age

Public Sector

Years of high-profile breaches have spurred movement – at least overseas

clock 18 December 2023 • 3 min read
Microsoft launches AI chips to support OpenAI and Copilot

Chips and Components

New chips for OpenAI and Copilot coming in 2024

clock 16 November 2023 • 2 min read

More on Threats and Risks

Apple M-series CPU vulnerability enables attackers to purloin cryptographic keys from Macs

Apple M-series CPU vulnerability enables attackers to purloin cryptographic keys from Macs

US researchers find baked-in flaw

Graeme Burton
clock 22 March 2024 • 2 min read
US National Security Advisor Jake Sullivan warns of 'digital Pearl Harbor' targeting infrastructure

US National Security Advisor Jake Sullivan warns of 'digital Pearl Harbor' targeting infrastructure

White House warns of 'disabling cyberattacks' by Iran and China

Graeme Burton
clock 21 March 2024 • 3 min read
Fujitsu exposed client data, AWS keys and passwords for nearly a year, report

Fujitsu exposed client data, AWS keys and passwords for nearly a year, report

Unanswered questions about how many unauthorised parties may have accessed the sensitive information

clock 21 March 2024 • 3 min read