A researcher from CyberArk, an information security company, has reported an account takeover vulnerability in Microsoft Teams. Successful exploitation of the bug lets attackers hijack an entire roster of MS Teams accounts at an organization by sending malicious URLs or GIF images to Teams users.
The vulnerability lies in the way Microsoft Teams processes authentication access tokens and passes them along to resources containing images. If an attacker crafts a suitable GIF file or URL, Teams sends the authentication token to the attacker's server while processing it.
For the attack to succeed via a link, the victim has to click on it; with a GIF image, it succeeds as soon as the user views the image in a Teams chat. Once the image is viewed or the URL clicked, the attacker receives the token.
Using this token, the attacker can hijack the victim's Teams account through its API interfaces: access the victim's data on Teams, send messages, create and delete groups on the victim's behalf, or modify a group's permissions.
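To make the bug class concrete, here is an added Python model (not code from the article, CyberArk or Microsoft) of a chat client that attaches its session token to the image fetches triggered when a message is viewed; it contrasts the vulnerable policy with a hardened one that restricts the token to an assumed trusted origin. All hosts, the token value and the sample message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumptions: a placeholder token and the one host allowed to see it.
SESSION_TOKEN = "example-session-token"
TRUSTED_HOSTS = {"chat.example.com"}

class _ImgSrcCollector(HTMLParser):
    """Collects <img src=...> values: the fetches a client makes on view."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)

def image_sources(message_html):
    collector = _ImgSrcCollector()
    collector.feed(message_html)
    return collector.sources

def vulnerable_headers(url):
    # Bug class from the article: the token rides along on every image
    # fetch, whatever host the image points at.
    return {"Authorization": f"Bearer {SESSION_TOKEN}"}

def hardened_headers(url):
    # Fix: only the trusted origin receives the token; any other image host
    # gets an unauthenticated request.
    host = (urlparse(url).hostname or "").lower()
    return {"Authorization": f"Bearer {SESSION_TOKEN}"} if host in TRUSTED_HOSTS else {}

def untrusted_token_recipients(message_html, headers_for):
    """Hosts outside the allowlist that get the token when the message is merely viewed."""
    leaked_to = set()
    for src in image_sources(message_html):
        host = (urlparse(src).hostname or "").lower()
        if "Authorization" in headers_for(src) and host not in TRUSTED_HOSTS:
            leaked_to.add(host)
    return leaked_to

# Constructed chat message: one GIF on an attacker-controlled host, one legitimate emoji.
SAMPLE_MESSAGE = ('<p>nice one</p>'
                  '<img src="https://evil.example.net/funny.gif" alt="gif">'
                  '<img src="https://chat.example.com/emoji/smile.gif">')

if __name__ == "__main__":
    print("vulnerable client leaks to:", untrusted_token_recipients(SAMPLE_MESSAGE, vulnerable_headers))
    print("hardened client leaks to:  ", untrusted_token_recipients(SAMPLE_MESSAGE, hardened_headers))
```

The same allowlist check can be applied to proxy or client logs as a detection: any credential-bearing request to a host outside the API origin, triggered by rendering inline content, is the pattern to alert on.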