Microsoft Team is one of the most popular videos conferencing service used around the world. However, security researchers have discovered a vulnerability that allows hackers to hijack the Microsoft Teams accounts by simply using a GIFs file.
As per a report by CyberArk, hackers can gain access to Microsoft Teams accounts by using the GIFs files. The researchers have found that one could take leverage of a subdomain takeover vulnerability in Microsoft Teams. The report highlights that the vulnerability would have affected every user who uses the Microsoft Teams desktop or web browser version.
Ther report highlights that every time the Team was opened, the Team clients creates a new temporary access token, which is authenticated via login.microsoftonline.com. However, two cookies are used to restrict access permissions “authtoken” and “skypetoken_asm.” The report says that the Skype token was sent to teams.microsoft.com and its subdomains, which were found to be vulnerable to a subdomain takeover.
“If an attacker can somehow force a user to visit the sub-domains that have been taken over, the victim’s browser will send this cookie to the attacker’s server and the attacker (after receiving the authtoken) can create a skype token. After doing all of this, the attacker can steal the victim’s Teams account data,” the report added. The report highlights that this vulnerability can be exploited by simply sending a malicious link to the subdomain or by sending a team a GIF file.
Microsoft has acknowledged this flaw and in a statement said: “We addressed the issue and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe.”