Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
April 3, 2020 05:34 pm GMT

Zoom patches Windows vulnerability that let attackers steal your Windows login from dodgy chat links

The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal the user's Windows login credentials from malicious chat links.

Zoom issued a fix for this and other bugs, promising better transparency going forward, reports :

An unpatched vulnerability within Zoom allows an attacker to drop a malicious link into a chat window and use it to steal a Windows password, according to reports.

A hacker could use an attack called a UNC path injection to expose credentials, according to an attack posted on Twitter and subsequently followed up with an additional video. According to The Hacker News, that's because Windows exposes a user's login name and password to a remote server when attempting to connect to it and download a file.

----

Update: After this story and others went live April 1, Zoom CEO Eric Yuan addressed Zoom security and other issues in a blog post.

Read the rest

Original Link: https://boingboing.net/2020/04/03/zoom-windows-login.html

Share this article:    Share on Facebook
View Full Article