This is going to be fun for bypassing MFA. Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs: bleepingcomputer.com/news/security/…
@rootsecdev @cxstephens More info:
@rootsecdev While this is bad, it's not that much worse than compromising any user's client-side browser data, no? Once you compromise the system enough to read these Electron files, you have free rein on every token and other file on the system.
@rootsecdev Deleted my previous reply. I still think it's meh. Low sev. Because there is always going to be a way for an attacker with existing access to get the token. They can just become SYSTEM if necessary.
@rootsecdev Omg Microsoft programs just like me
@rootsecdev I agree with the 'so what' from so many of the comments. Even if it was encrypted, that's just more fun to go find out how to break it. After all, it would have to decrypt at some point and in a manner that would not disrupt the user's experience.
@rootsecdev "An attacker with local access on a system" sounds like you are already in deep 💩💩💩
@rootsecdev Sensationalism tbh. Access to a computer means you can steal browser cookies, sniff/make web requests on behalf of someone else, hell, if you want a Discord login token you can just check the "authorization" header for any outgoing request in the network console. 😴
@rootsecdev What is the big deal? You need admin access to the computer to use this, and if you are admin then you can do this and so much more anyway. Even elevate yourself to the SYSTEM account and dance on your grave.
@rootsecdev @robmay70 That's terrible @Microsoft Your products have an "interesting" architecture.
@rootsecdev Only possible solution is maybe using virtualization-based security with the tokens like credential guard.
@rootsecdev Is this a bigger issue for guests/ federated networks??
@rootsecdev Lesson to remember forever: MFA implemented by BS editor or incompetents in basic security is plain BS! False security summit. That's all folks!
@rootsecdev What applications would / could one use to monitor for the listed directories or file access? Under the various platforms? Does it need different apps and setups on each OS? Or is there a cross-platform solution?
@rootsecdev That's really crazy because I found these tokens on my laptop when I felt bored and looked for security vulnerabilities. I didn't expect them to be as valuable as this.
@rootsecdev There's no session validation server-side? At all? Anywhere?