Microsoft Teams Webhook
ID | microsoft_teams_webhook
Severity | low
Vendor | Microsoft
Family | Generic secret
Description
Microsoft Teams enables teams to communicate through instant messages and video conferences. Webhooks let other applications post messages to a channel by sending a JSON payload to a specific URL.
Security
The webhook URL contains a secret. Don’t share it online, including via public version control repositories.
Examples
webhook = "https://domain.webhook.office.com/webhookb2/7fa4efaa-986e-4b8e-8d6b-cfa47c89f4b0@87ba1f9a-44cd-43a6-b008-6fdb45a5204e/TravisCI/9ad1eb07cda7411db33e74c3d676774e/0ad415e3-d66a-425c-9914-e9e52f2b81e1";
Mitigation / Fix
- Remove the URL from the source code or committed configuration file.
- Follow your policy for handling leaked secrets, which typically requires revoking the secret in the target system(s). The webhook URL can be revoked via the channel settings in the developer dashboard.
- Check for suspicious messages in the target Teams channel during the window of exposure, and what use was made of them.
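
An added example, not part of the original page or of the detector it documents: a small scanner for locating committed webhook URLs ahead of the removal step, reporting them in redacted form so the finding itself does not leak the secret. The regular expression is an assumption modelled on the example URL above, and the sample input is constructed.

```python
import re

GUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"

# Assumed pattern, modelled on the shape of the example URL on this page:
# https://<host>.webhook.office.com/webhookb2/<guid>@<guid>/<connector>/<32 hex>/<guid>
TEAMS_WEBHOOK_RE = re.compile(
    r"https://[A-Za-z0-9-]+\.webhook\.office\.com/webhookb2/"
    rf"{GUID}@{GUID}/[A-Za-z0-9_-]+/[0-9a-fA-F]{{32}}/{GUID}"
)


def redact(url):
    """Keep the host and connector name for triage; hide the identifier segments."""
    parts = url.split("/")
    # parts: ['https:', '', host, 'webhookb2', guid@guid, connector, hex, guid]
    return "/".join(parts[:4] + ["<redacted>", parts[5], "<redacted>", "<redacted>"])


def scan(text, filename="<input>"):
    """Return (filename, line number, redacted URL) for every webhook URL found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TEAMS_WEBHOOK_RE.finditer(line):
            findings.append((filename, lineno, redact(match.group(0))))
    return findings


# Constructed sample input: one full webhook URL and one harmless placeholder.
SAMPLE = '''\
# constructed config file
notify_url = "https://example.webhook.office.com/webhookb2/11111111-2222-3333-4444-555555555555@aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/IncomingWebhook/0123456789abcdef0123456789abcdef/99999999-8888-7777-6666-555555555555"
placeholder = "https://example.webhook.office.com/webhookb2/<your-webhook-id>"
'''

if __name__ == "__main__":
    for name, lineno, url in scan(SAMPLE, "config.ini"):
        print(f"{name}:{lineno}: Microsoft Teams webhook URL: {url}")
```

A hit only locates the string in the current file contents; the URL still has to be revoked, since it remains in version-control history.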