Coronavirus has modified the task landscape the world over with a majority of employees operating from home. This shift has also assisted within the upward push of new workflows and new gear for work from home. One of the most popular tools around is “Zoom”, a video conferencing service primarily based out of the United States. The app has crammed the void for a fine video conferencing app beyond the existing options. In fact, the provider has managed to go into the mainstream as increasingly casual customers are the use of Zoom. This has driven the app from a formal corporate placing to the dwelling room. The provider is somewhat specific than Skype, Google Duo, and WhatsApp video calling. However, a new file just surfaced on-line highlighting a protection flaw in the provider. Let’s test all of the information here.
Zoom for Windows protection flaw details
According to a report from Bleeping Computer, a protection researcher has just discovered a severe protection flaw inside the Windows app. Digging deeper, the researcher found out that the Zoom Windows app “is liable to UNC path injection” attack in the chat feature. This flaw “could allow” hackers to scouse borrow Windows login details. It is worth noting that as a part of the attack, the hacker desires to send a link in the chat. In addition, a Zoom user with the Windows app needs to click the link.
The researcher added that the Zoom Windows app converts “Windows networking UNC paths” into clickable links in the chat. Windows will try to connect to the remote website the use of the SMB file-sharing protocol after the person clicks the link. During this process, Windows will also send the consumer login information to the website. Hackers can use free tools which include Hashcat to reveal the password on their end.