Vulnerability in Zoom app let hackers steal your Windows password: Report


Slammed for the lack of users privacy and security by the US Federal Bureau of Investigation (FBI) and cybersecurity experts, video meeting app Zoom is also prone to hacking, a new report has claimed, saying an unpatched bug can let hackers steal users Windows password.

The 'Zoom client for Windows' is vulnerable to the 'UNC path injection' vulnerability that could let remote attackers steal login credentials for victims' Windows systems, reports TheHacckeNews.
The latest finding by cybersecurity expert @_g0dmode, has also been "confirmed by researcher Matthew Hickey and Mohamed A. Baset,' the report said late Wednesday.

The attack involves the "SMBRelay technique" wherein Windows automatically exposes a user's login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it.

"The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat," the report claimed.

Comments

Popular posts from this blog

Infinix Smart 2 review: 'Value for money' smartphone with tall 18:9 screen

Year in review: From OnePlus to Asus, best midrange flagship phones of 2019

OnePlus 8 review: Meaningful innovations elevate experience, justify price