Experts warn of a ‘UNC path injection’ flaw that could be exploited by remote attackers to steal login credentials from Windows systems.
Security experts and privacy advocates believe that the Zoom is an efficient online video communication platform, but evidently it has some serious privacy and security solutions.
The first expert to warn about the security flaw goes online with the handle Mitch (@_g0dmode).
The latter also created a simple demo of the Zoom UNC path injection issue
The attack leverages the SMBRelay technique that provides username and NTLM password hashes to a remote SMB server when connecting to it.
The Zoom client for Windows supports remote Universal Naming Convention (UNC) paths and converts URLs into hyperlinks for recipients in a chat.
An attacker could steal the login credentials of a Zoom Windows user, by sending a crafted URL (i.e. \\x.x.x.x\zyz) to the victim via chat and trick the victim into clicking it.
The attack could allow capturing the hashed passwords that could be cracked using specific tools like John the Ripper.
The experts reported the issue to Zoom, but the vulnerability has yet to be fixed.
In January, experts discovered another flaw in the popular video conferencing software that could be exploited to join meetings and view all content shared by participants.
The issue allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio, video, and documents shared throughout the session.
(SecurityAffairs – video communication, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.