Unpatched Zoom vulnerability

  • CERT Admin
  • Thu Apr 02 2020
  • Alerts

Threat Level 

High 

Overview 

With the COVID-19 situation most of the employees are currently using zoom application for teleconferencing. Unpatched Zoom application bug lets attackers to steal your windows password.

Description 

Zoom windows application is vulnerable where remote attacker could steal login credentials of windows systems. To steel the login credentials of a windows zoomuser, all an attacker needs to do is sent a malicious URL to the victim via chat interface. Once the victim clicks the URL, windows password will be sent to the attacker. The captured password will not be in clear text but if the password is weak it will be easier to crack or match the hash values with tools and rainbow tables available online.

Apart from stealing the windows credential, an attacker also could launch any program presented in the targeted computer and currently there is no patch available for this vulnerability. 

Impact 

     ✻  Losing control of your windows PC
    ✻  Malware installation
    ✻  Stealing personal information
    ✻  If the same password is used on other applications or computers in the same network, all of devices can get compromised 

Solution/ Workarounds 

     ✻  User stronger password on your windows device
    ✻  Refrain clicking unknown links
    ✻  Use alternative solution for teleconferencing 

References  

  ✻  https://thehackernews.com/2020/04/zoom-windows-password.html 

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind 

Last updated: Thu Apr 02 2020