Comments on: Is It a Problem When Microsoft Teams Access Tokens are Stored in Clear Text? https://practical365.com/teams-access-token-clear-text/ Practical Office 365 News, Tips, and Tutorials Tue, 28 Feb 2023 00:29:03 +0000 hourly 1 https://wordpress.org/?v=6.3.2 By: Tony Redmond https://practical365.com/teams-access-token-clear-text/#comment-255322 Tue, 28 Feb 2023 00:29:03 +0000 https://practical365.com/?p=57199#comment-255322 In reply to M.

Good to know. I haven’t checked recently…

]]> By: M https://practical365.com/teams-access-token-clear-text/#comment-255295 Mon, 27 Feb 2023 14:49:07 +0000 https://practical365.com/?p=57199#comment-255295 It seems that this has been finally fixed in one of recent releases. Part of the file with the token now additionally includes “isEncrypted” property, and token itself indeed looks encrypted, as it’s not a valid JWT anymore.

]]> By: Tony Redmond https://practical365.com/teams-access-token-clear-text/#comment-252728 Mon, 30 Jan 2023 10:05:56 +0000 https://practical365.com/?p=57199#comment-252728 In reply to Stephan.

Microsoft doesn’t regard the problem as being a security issue because the PC must already be compromised before the access token can be obtained. If you have an issue with this, complain to your local Microsoft office.

]]> By: Stephan https://practical365.com/teams-access-token-clear-text/#comment-252726 Mon, 30 Jan 2023 09:29:39 +0000 https://practical365.com/?p=57199#comment-252726 Is there any way to find out the latest status on this vulnerability?
Has Microsoft already fixed it in the Teams Client?

]]>