Teams and token(s): so what is this actually about?
First, an introduction to the topic: Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs.
“Upon review, it was determined that these access tokens were active and not an accidental dump of a previous error. These access tokens gave us access to the Outlook and Skype APIs.”
OK, and...? Because the description here (Undermining Microsoft Teams Security by Mining Tokens) doesn't really tell us much:
(...) Next, we needed the access token. We used the SQLite engine. SQLite does not require installation, so the exploit downloads SQLite to a local folder and executes it to read the Cookies DB, where we extract the Skype Access token required for sending messages.
Somehow I can't find any information on how this exploit gets executed, so I assume it happens in some other way that is unrelated to the topic. But in that case, how should this be understood:
(...) Use the web-based Teams client inside Microsoft Edge, which has multiple OS-level controls to protect token leaks. Fortunately, the Teams web application is robust and supports most features enabled through the desktop client, keeping organization productivity impacts to a minimum.
The original of this post is available at Teams i token(y) – ale, że o co chodzi?
Author: Paweł Goleń