
Microsoft fixes a GIF-based account takeover security bug in Microsoft Teams


Microsoft recently resolved a security problem in Microsoft Teams in which an attacker could take over user accounts with the help of a malicious GIF file.

On Monday, a researcher from CyberArk explained the security vulnerability in a blog post. The post states that a subdomain takeover vulnerability, combined with a malicious .GIF file, could be used to scrape a user's data and take over an entire organization's user accounts.

The team has explained the flow of the attack and the process of stealing the access token.

The team has also created a PoC to demonstrate the attack. You can find more information in the CyberArk blog post.
