
Unpatched Zoom vulnerability

 

Systems Affected



Threat Level


High


Overview


With the COVID-19 situation, most employees are currently using the Zoom application for teleconferencing. An unpatched bug in the Zoom application lets attackers steal your Windows password.


Description


The Zoom application for Windows contains a vulnerability that lets a remote attacker steal the login credentials of Windows systems. To steal the login credentials of a Windows Zoom user, all an attacker needs to do is send a malicious URL to the victim via the chat interface. Once the victim clicks the URL, the Windows password will be sent to the attacker. The captured password will not be in clear text, but if the password is weak it will be easier to crack or to match the hash values using tools and rainbow tables available online.
Apart from stealing the Windows credentials, an attacker could also launch any program present on the targeted computer. Currently there is no patch available for this vulnerability.


Impact


  ✻  Losing control of your Windows PC
  ✻  Malware installation
  ✻  Theft of personal information
  ✻  If the same password is used on other applications or computers in the same network, all of those devices can be compromised


Solution/ Workarounds


  ✻  Use a stronger password on your Windows device
  ✻  Refrain from clicking unknown links
  ✻  Use an alternative solution for teleconferencing


References


  ✻  https://thehackernews.com/2020/04/zoom-windows-password.html


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.