Systems Affected
Threat Level
Overview
With the COVID-19 situation most of the employees are currently using zoom application for teleconferencing. Unpatched Zoom application bug lets attackers to steal your windows password.
Description
Zoom windows application is vulnerable where remote attacker could steal login credentials of windows systems. To steel the login credentials of a windows zoom user, all an attacker needs to do is sent a malicious URL to the victim via chat interface. Once the victim clicks the URL, windows password will be sent to the attacker. The captured password will not be in clear text but if the password is weak it will be easier to crack or match the hash values with tools and rainbow tables available online. Apart from stealing the windows credential, an attacker also could launch any program presented in the targeted computer and currently there is no patch available for this vulnerability.
Impact
✻ Losing control of your windows PC ✻ Malware installation ✻ Stealing personal information ✻ If the same password is used on other applications or computers in the same network, all of devices can get compromised
Solution/ Workarounds
✻ User stronger password on your windows device ✻ Refrain clicking unknown links ✻ Use alternative solution for teleconferencing
References
✻ https://thehackernews.com/2020/04/zoom-windows-password.html
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|