Zoom vulnerability can let hackers steal users' Windows credentials

The COVID-19 pandemic has resulted in a huge number of office workers working from home. This has led to a many-fold increase in the use of communication and collaboration tools, including conferencing services such as Zoom. However, the video conferencing service has also seen its share of privacy issues. Now, a more serious vulnerability has been uncovered in the service’s Windows client.

The vulnerability stems from a feature in Zoom’s chat that automatically turns URLs and UNC (Universal Naming Convention) paths into clickable links, to make it easier for users to navigate to the locations specified in them. Because Windows networking paths are UNC paths, they are converted into links as well. When a user clicks such a link, Windows tries to connect to the remote site using the SMB file-sharing protocol, and that connection can be used to extract the user's Windows credentials.

When a user clicks on the path and the OS tries to establish a connection with the remote site, it sends the user's login name and NTLM password hash, which hackers can then crack using password-cracking tools. The issue was first spotted by security researcher Mitch, who shared it on Twitter, after which security researcher Matthew Hickey successfully demonstrated the UNC injection in Zoom and how the password could be captured through the UNC path in the chat.
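The sketch below is an added example, not code from the article, Zoom, or the researchers: it shows one way a chat renderer could link web URLs while leaving UNC paths as inert text, so a click cannot start an SMB connection. The function names, regular expressions and sample message are assumptions constructed for illustration.

```python
import html
import re

# UNC path: two leading backslashes, a host, a backslash, then the share/path.
UNC_RE = re.compile(r"\\\\[^\s\\/]+\\[^\s]*")
# Only http(s) URLs are eligible for auto-linking; file:// and others are not.
URL_RE = re.compile(r"https?://[^\s<>\"']+")
TOKEN_RE = re.compile(f"(?P<unc>{UNC_RE.pattern})|(?P<url>{URL_RE.pattern})")

# Constructed sample chat message (hypothetical host names).
SAMPLE = r"Notes at \\fileserver.example\share\notes.txt and https://example.com/a?b=1"


def find_unc_paths(message):
    """Return every UNC path in a chat message, e.g. for logging or alerting."""
    return UNC_RE.findall(message)


def render_message(message):
    """Render a chat message as HTML: link web URLs, never link UNC paths."""
    out = []
    pos = 0
    for m in TOKEN_RE.finditer(message):
        # Escape the plain text between tokens so markup in chat stays inert.
        out.append(html.escape(message[pos:m.start()]))
        token = html.escape(m.group(0), quote=True)
        if m.lastgroup == "url":
            out.append(f'<a href="{token}" rel="noopener">{token}</a>')
        else:
            # UNC path: display only, with no href for the OS to resolve.
            out.append(f"<code>{token}</code>")
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


if __name__ == "__main__":
    print(find_unc_paths(SAMPLE))
    print(render_message(SAMPLE))
```
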

Hickey added in a comment to BleepingComputer that UNC links can also be used to open apps or programs on the client’s computer. Interestingly, Mohamed A. Baset mentioned on Twitter that similar behavior was also present on macOS, but required more user interaction.

Zoom has not yet acknowledged the presence of this vulnerability in its app. While it is unlikely that users will be in conversations with such bad actors tasked with stealing credentials, it is still a security risk that needs to be addressed.

Those who do not want to wait for a fix can use a workaround posted by BleepingComputer. However, note that the workaround involves tweaking Group Policy, which should only be done if you are familiar with that interface and are aware of the risks involved.
