Comment: Zoom Client Leaks Windows Login Credentials To Attackers

The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link.

When using the Zoom client, meeting participants can communicate with each other by sending text messages through a chat interface.

When sending a chat message, any URLs that are sent are converted into hyperlinks so that other members can click on them to open a web page in their default browser, Bleeping Computer reported.


EXPERTS COMMENTS
Tal Zamir, Founder and CTO,  Hysolate
April 02, 2020
Zoom is one of the most popular non-browser apps these days.
Especially in the current situation, enterprises must keep in mind that user devices use a variety of apps that go beyond just email and internet. Zoom is one of the most popular non-browser apps these days, and has new vulnerabilities enterprises should care about. This includes the recently discovered Zoom Client vulnerability that allows a remote attacker on a Zoom call to receive a user's Win ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article