Zoom Could Leak Your Windows Login Credentials to Hackers

  • Zoom could allow an attacker to capture the hashed Windows login credentials and then crack them.
  • The attack takes place on the app's chat and stems from the improper handling of shared URLs.
  • There's a manual fix for this bug, while Zoom has not acknowledged the problem yet.

The more popular the Zoom video-conference app gets during the pandemic, the more attention it receives from security researchers. The software was forced to mature quickly so it could accommodate the needs of a rapidly growing audience. Still, things in software development aren't easy or straightforward when scaling up at this rate. The latest discovery comes from a hacker using the Twitter handle @_g0dmode, who found that the Windows client of Zoom is vulnerable to UNC path injection in the chat feature of the app. The problem lies in how Zoom automatically converts Windows networking UNC (Universal Naming Convention) paths into clickable links.

A UNC path can be used to access network resources such as files hosted on servers. When a user clicks on a UNC path hoping to obtain access to a file that was shared by another user on the Zoom chat, Windows tries to connect to the remote host using the SMB (Server Message Block) file-sharing protocol. In doing so, it sends the user's Windows login name along with their NTLM password hash, which a hacker could easily capture and potentially crack. An offensive security solutions firm has already tested the theory in practice and was able to expose the user's credentials.

The researchers said that free password-cracking tools like Hashcat, along with the computing resources that are available to anyone today, could make cracking these passwords a matter of a few seconds.

[Image: password cracker. Source: Bleeping Computer]

And to make things even more dangerous for Zoom users on Windows, the UNC path can also be used for sharing executables. It means that launching programs this way would also be possible, although Windows would at least display a dialog for the user to accept first. This action at least prevents the UNC paths from firing up programs silently in the background.
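The root cause described above is a chat renderer that turns UNC paths into clickable links. The following is an added sketch, not Zoom's code and not from the original article, of a renderer that links only http/https URLs and shows UNC paths as inert text; the regular expressions, function names and host names are assumptions made for illustration.

```python
import html
import re

# Candidate tokens a chat client might auto-link: URLs with a scheme, or
# Windows UNC paths (\\host\share\...). Patterns are assumptions for this sketch.
URL_RE = re.compile(r'[A-Za-z][A-Za-z0-9+.-]*://[^\s<>"]+')
UNC_RE = re.compile(r'\\\\[^\s\\/<>"]+\\[^\s<>"]+')
TOKEN_RE = re.compile(f"{UNC_RE.pattern}|{URL_RE.pattern}")

ALLOWED_SCHEMES = {"http", "https"}


def classify(token: str) -> str:
    """Return 'unc', 'web' or 'other' for a link candidate."""
    if token.startswith("\\\\"):
        return "unc"
    scheme = token.split("://", 1)[0].lower()
    if scheme in ALLOWED_SCHEMES:
        return "web"
    # Everything else, including file://host/share (which Windows maps to a
    # UNC path), is treated as not linkable.
    return "other"


def render_message(text: str) -> str:
    """HTML-escape a chat message and link only http/https URLs."""
    out, pos = [], 0
    for m in TOKEN_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        token = m.group(0)
        safe = html.escape(token, quote=True)
        if classify(token) == "web":
            out.append(f'<a href="{safe}" rel="noopener">{safe}</a>')
        else:
            out.append(f"<code>{safe}</code>")  # inert text, never clickable
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def find_unc_paths(text: str) -> list[str]:
    """List UNC paths in a message, e.g. for flagging them in chat logs."""
    return UNC_RE.findall(text)
```
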

[Image: Group Policy path to the NTLM setting]

Zoom is already dealing with a lot of trouble right now, so we're not sure when they're planning to fix this flaw. Those who want to take matters into their own hands can open the "Edit Group Policy" tool on the Windows Control Panel and follow the same path that is shown in the above image to locate the "Restrict NTLM: Outgoing NTLM traffic to remote servers" entry. Open it and set it to "Deny All," which should prevent the leaking of the Windows credentials when clicking UNC paths on Zoom without requiring a system reboot. Note that this setting blocks outgoing NTLM authentication to every remote server, so access to file shares or other services that rely on NTLM will stop working as well.
