Cybersecurity researchers have developed a BOF tool exploiting a weakness in Microsoft Teams cookie encryption, allowing attackers to access sensitive communications. This vulnerability leverages how Teams stores and encrypts cookies using the userβs DPAPI master key, unlike modern browsers that use SYSTEM privileges. #MicrosoftTeams #DPAPI #CookieEncryption
Keypoints
- The vulnerability exploits the way Microsoft Teams encrypts cookies using the userβs DPAPI master key.
- The teams-cookies-bof tool can run within the Teams process to decrypt cookies without killing the application.
- Attackers can steal authentication tokens to access, read, and impersonate usersβ Teams messages and resources.
- The decryption method is based on the Cookie-Monster-BOF framework, making it adaptable for various threat actors.
- Organizations should enhance endpoint detection to monitor suspicious activities related to Teams cookie database access.
Read More: https://gbhackers.com/new-bof-tool-bypasses-microsoft-teams-cookie-encryption/