Attackers can use Zoom to steal users’ Windows credentials with no warning

published 01.04.2020 18:38

While the attack works only against Windows users, Hickey said attacks can be launched using any form of Zoom, again, by sending targets a UNC location in a text message.

He showed in one tweet how the Zoom Windows client exposed the credentials that could be used to access restricted parts of a Windows network.

In the event that targets click on those links on networks that aren’t fully locked down, Zoom will send the Windows usernames and the corresponding NTLM hashes to the address contained in the link.

Attacks work by using the Zoom chat window to send targets a string of text that represents the network location on the Windows device they’re using.

When Windows users click on the link while they’re connected to certain unsecured machines or networks, the Zoom app will send the credentials over port 445, which is used to transmit traffic related to Windows SMB and Active Directory services.

by Dan Goodin from arstechnica.com
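
An added detection example, not part of the original article: since the leak described above depends on the client reaching an outside address over port 445, this sketch flags outbound TCP/445 connections from internal hosts to non-internal destinations. The log format, the sample records and the internal address ranges are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample records (assumed format, not from the article):
# "timestamp src_ip dst_ip dst_port proto action"
SAMPLE_LOG = """\
2020-04-01T18:40:02Z 10.1.4.23 10.1.0.5 445 tcp allow
2020-04-01T18:40:07Z 10.1.4.23 203.0.113.50 445 tcp allow
2020-04-01T18:40:09Z 10.1.4.31 198.51.100.7 443 tcp allow
2020-04-01T18:41:15Z 10.1.4.40 198.51.100.9 445 tcp deny
malformed line
2020-04-01T18:42:00Z 10.1.4.23 192.168.7.9 445 tcp allow
"""

# Assumption: these ranges count as "internal" for the monitored network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\w+)\s+(allow|deny)$")

def is_internal(addr):
    """True if addr falls in one of the configured internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_external_smb(log_text):
    """Return internal-to-external TCP/445 connection attempts.

    'allowed' is True when the firewall let the SMB connection out, i.e.
    the case where an NTLM authentication attempt could reach the remote
    host; False means the egress rule blocked it.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip records that do not parse
        ts, src, dst, port, proto, action = m.groups()
        if proto != "tcp" or int(port) != 445:
            continue
        try:
            if not is_internal(src) or is_internal(dst):
                continue  # only internal -> external is of interest
        except ValueError:
            continue  # address field was not a valid IP
        findings.append({"time": ts, "src": src, "dst": dst,
                         "allowed": action == "allow"})
    return findings
```

Records with `allowed` set to False show the egress block working; records with it set to True are the ones to investigate.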