Zoom Could Leak Your Windows Login Credentials to Hackers

  • Zoom could allow an attacker to capture the hashed Windows login credentials and then dehash them.
  • The attack takes place on the app’s chat and stems from the improper handling of shared URLs.
  • There’s a manual fix for this bug, while Zoom has not acknowledged the problem yet.

The more popular the Zoom video-conference app is getting during the pandemic, the more attention it’s receiving from security researchers. The software was forced to mature quickly so it could accommodate the needs of a rapidly growing audience. Still, things in software development aren’t easy or straightforward when scaling up at this rate. The latest discovery comes from a hacker who uses the @_g0dmode Twitter handle, who figured that the Windows client of Zoom is vulnerable to UNC path injection in the chat feature of the app. The problem lies in how Zoom automatically converts Windows networking UNC (Universal Naming Convention) paths into clickable links.

A UNC path can be used to access network resources such as files hosted on servers. When a user clicks on a UNC path hoping to obtain access to a file that was shared by another user on the Zoom chat, Windows activates the SMB (Server Message Block) file-sharing protocol. It results in sending the user’s Windows login credentials with their NTLM hash, which a hacker could easily capture and potentially dehash. An offense security solutions firm has already tested the theory in practice and was able to expose the user’s credentials.

The researchers said that free dehashing tools like Hashcat, along with the computing resources that are available to anyone today, could make dehashing these passwords a matter of a few seconds.

password-cracker
Source: Bleeping Computer

And to make things even more dangerous for Zoom users on Windows, the UNC path can also be used for sharing executables. It means that launching programs this way would also be possible, although Windows would at least display a dialog for the user to accept first. This action at least prevents the UNC paths from firing up programs silently in the background.

ntml_setting_path

Zoom is already dealing with a lot of trouble right now, so we’re not sure about when they’re planning to fix this flaw. Those of you who want to take the matter into their own hands, open the “Edit Group Policy” tool on the Windows Control Panel and follow the same path that is shown in the above image to locate the “Restrict NTLM: Outgoing NTLM traffic to remote servers” entry. Open it and set it to “Deny All,” which should prevent the leaking of the Windows credentials when clicking UNC paths on Zoom without requiring a system reboot.

REVIEW OVERVIEW

Latest

Mob Psycho 100 Season 3: Release Date, Teaser, Poster and Where to Watch!

Mob Psycho 100 season 3 has finally been confirmed by the series’ official Twitter account, along with the release of a new...

GPSD Bugs Set to Roll Back Clocks to 2002 on Sunday

A GPSD bug will make apps roll back to 2002 on Sunday, 24th November 2021.The bug comes from a mistaken code put...

Ransomware Attacks Perpetrated via Vulnerability in BillQuick Billing Software

A critical vulnerability that allowed remote code injection was discovered in multiple versions of the relatively popular BillQuick billing software.The exploit comes...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari