Vulnerability in Zoom app let hackers steal your Windows password: Report
Slammed for the lack of users privacy and security by the US
Federal Bureau of Investigation (FBI) and cybersecurity experts, video meeting
app Zoom is also prone to
hacking, a new report has claimed, saying an unpatched bug can let hackers steal users
Windows password.
The
'Zoom client for
Windows' is vulnerable to the 'UNC path injection' vulnerability that could let
remote attackers steal login credentials for victims' Windows systems, reports
TheHacckeNews.
The
latest finding by cybersecurity expert @_g0dmode, has also been "confirmed
by researcher Matthew Hickey and Mohamed A. Baset,' the report said late
Wednesday.
The
attack involves the "SMBRelay technique" wherein Windows
automatically exposes a user's login username and NTLM password hashes to a
remote server, when attempting to connect and download a file hosted on it.
"The
attack is possible only because Zoom for Windows
supports remote UNC paths, which converts such potentially insecure URLs into
hyperlinks for recipients in a personal or group chat," the report
claimed.
Comments
Post a Comment