The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link.
When using the Zoom client, meeting participants can communicate with each other by sending text messages through a chat interface.
When sending a chat message, any URLs that are sent are converted into hyperlinks so that other members can click on them to open a web page in their default browser, Bleeping Computer reported.
Experts Comments
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Tal Zamir, Founder and CTO, provides expert commentary at @Information Security Buzz.
"Zoom is one of the most popular non-browser apps these days...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-zoom-client-leaks-windows-login-credentials-to-attackers
Facebook Message
@Tal Zamir, Founder and CTO, provides expert commentary at @Information Security Buzz.
"Zoom is one of the most popular non-browser apps these days...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-zoom-client-leaks-windows-login-credentials-to-attackers