Microsoft Teams for Windows, macOS and Linux insecurely stores authentication tokens in unprotected cleartext -- and a fix is NOT in the pipeline

Researchers from cybersecurity firm Vectra have issued a warning that Microsoft Teams stores authentication tokens in an unprotected form that could easily be abused by hackers. The desktop apps for Windows, macOS and Linux all store authentication tokens in cleartext, and this can be used by an attacker to steal an identity and log into accounts. This is clearly worrying, but what is more concerning is Microsoft's reaction; the company says that the issue does not require 'immediate servicing'. See also: Microsoft releases PowerToys v0.62.1 to fix various bugs Microsoft issues patch for serious security vulnerability affecting everything from Windows… [Continue Reading]