Unpatched Zoom App Bug Lets Hackers Steal Your Windows Password


Zoom has been around for nine years, but the sudden need for an easy-to-use video conferencing app during the coronavirus pandemic made it a favorite tool for millions of people overnight.

Though Zoom is an efficient online video meeting solution, it’s still not the best choice in terms of privacy and security.

According to the latest finding by cybersecurity expert @_g0dmode, which was also confirmed by researchers Matthew Hickey and Mohamed A. Baset, the Zoom client for Windows is affected by a ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems.

The attack involves the SMBRelay technique wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.

The attack is possible only because Zoom for Windows supports remote UNC paths and converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat.
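The behaviour described above comes down to which strings a chat client turns into clickable links. As an added example (not Zoom's code and not from the original article), here is a chat renderer that hyperlinks only http/https URLs and leaves UNC paths as flagged plain text; the function names and the sample message are constructed for illustration.

```python
import re
from html import escape

# Only http/https tokens become clickable links.
SAFE_URL = re.compile(r"^https?://[^\s<>\"']+$", re.IGNORECASE)
# UNC path: two leading backslashes or slashes, a host, a separator, then a share.
UNC = re.compile(r"^[\\/]{2}[^\\/\s]+[\\/][^\s]*$")
# file: URLs are flagged too: on Windows a file URL with a host maps to a UNC path.
FILE_URL = re.compile(r"^file:", re.IGNORECASE)


def classify(token):
    """Return 'unc', 'link' or 'text' for one whitespace-delimited token."""
    if UNC.match(token) or FILE_URL.match(token):
        return "unc"
    if SAFE_URL.match(token):
        return "link"
    return "text"


def render_chat(message):
    """Render a chat message as HTML.

    Returns (html, flagged): flagged lists the UNC-style tokens that were
    deliberately left as plain text so they can be logged or shown with a warning.
    """
    out, flagged = [], []
    for token in re.split(r"(\s+)", message):  # keep the whitespace runs
        kind = classify(token)
        safe = escape(token, quote=True)       # always HTML-escape user text
        if kind == "link":
            out.append(f'<a href="{safe}" rel="noopener">{safe}</a>')
        else:
            if kind == "unc":
                flagged.append(token)
            out.append(safe)
    return "".join(out), flagged


# Constructed sample message (hypothetical host names).
SAMPLE = r"notes are at \\fileserver.example\share\notes.docx and https://example.com/agenda"

if __name__ == "__main__":
    html, flagged = render_chat(SAMPLE)
    print(html)
    print("not linked:", flagged)
```
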

To steal the login credentials of a user running Zoom for Windows, all an attacker needs to do is send a…

http://feedproxy.google.com/~r/TheHackersNews/~3/tGezqi3DLXY/zoom-windows-password.html
