1 April 2020

Zoom bug allows attackers to steal Windows login credentials



Security researchers have discovered a vulnerability in the Zoom Windows client that could allow attackers to steal the Windows login credentials of users who click on a link in a chat message.

According to security researchers Matthew Hickey (@HackerFantastic) and Mitch (@_g0dmode0), the application’s chat feature is vulnerable to UNC path injection, enabling attackers to capture the NTLM password hashes every time someone clicks on a link within messages.

The group chat feature allows users to send messages to other participants in a meeting and converts URLs into hyperlinks so that the recipient can open a web page in a browser. As the researchers discovered, however, the Zoom client also converts Windows networking UNC paths into clickable links in chat messages.

As Bleeping Computer explains, when a user clicks on the UNC path link, Windows attempts to connect to the remote site using the SMB network file-sharing protocol to open the remote file (cat.jpg in Bleeping Computer's example). By default, Windows then sends the user's login name and NT LAN Manager (NTLM) credential hash, which can be cracked with freely available tools such as Hashcat to recover the user's password.

Additionally, attackers can use UNC injection to launch programs on a local computer when a link is clicked.

The researchers say that, to remedy this issue, Zoom's fix should prevent the chat system from converting UNC paths into clickable hyperlinks.
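
The fix the researchers describe, sketched as an added example (not Zoom's code and not from the original article): a chat linkifier that turns only http(s) URLs into hyperlinks and renders UNC paths and file: URLs as inert text. The function names and the sample host files.example.test are assumptions made for illustration.

```javascript
// Allowlist-based linkifier for chat text (illustrative, hypothetical helper names).
// Only these URL schemes may ever become clickable.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Constructed sample message containing a UNC path and a normal web link.
const SAMPLE_MESSAGE =
  "photo: \\\\files.example.test\\share\\cat.jpg docs: https://example.com/";

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape text before it is placed into HTML markup.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// True only for absolute http(s) URLs with a host.
// UNC paths (\\host\share or //host/share) and file: URLs are rejected,
// so clicking them can never trigger an SMB connection.
function isSafeLink(token) {
  if (/^(\\\\|\/\/)/.test(token)) return false; // explicit UNC path check
  let url;
  try {
    url = new URL(token); // throws for anything without a scheme
  } catch {
    return false;
  }
  return ALLOWED_SCHEMES.has(url.protocol) && url.hostname !== "";
}

// Convert a chat message to HTML: safe links become anchors,
// everything else (including UNC paths) stays escaped plain text.
function linkify(message) {
  return message
    .split(/(\s+)/) // keep whitespace so the message is reassembled unchanged
    .map((tok) => {
      if (!isSafeLink(tok)) return escapeHtml(tok);
      const href = escapeHtml(new URL(tok).href);
      return `<a href="${href}" rel="noopener noreferrer">${escapeHtml(tok)}</a>`;
    })
    .join("");
}
```

Matching on an allowlist of schemes, rather than trying to enumerate every dangerous path form, means any new non-web link syntax is rendered as text by default.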
