Zoom for Windows has a security flaw: an attacker can access your login details without our permission
Table of contents:
If there is a series of applications that are successful these days in which a large part of the world's population is confined to their homes, they are those that allow contact with friends and family without having to leave the home. Video calls on WhatsApp, the use of Hangouts, apps like House Party (recently news) and Zoom have skyrocketed, although this has also been geared towards teleworking.
And if before with House Party we were referring to the controversy caused by an alleged hack that the company denies, now it is Zoom that is under the magnifying glassbecause of a security breach to which it has been exposed.A bug that could make it easier for a user to join a video call without our permission.
Hello, my name is Edu, how are you?
With the COVID-19 crisis, Zoom has grown remarkably and many have discovered it as an easy-to-use client for multiple video callsA tool that, however, has seen how it could be the victim of an attacker who put our privacy in check.
Discovered by @_g0dmode, the security breach has its starting point in the Zoom application for Windows 10. A hacker could access the access data , Windows username and password, in order to start video calls without the user having given authorization. The key is in the UNC paths in the chat.
When using some of these links, the application tries to connect remotely using the SMB protocol, at which time Windows sends the access data to the person who has used the link You only need to decrypt the password, something not too difficult if you have basic knowledge or search the net.
This can mean that, while stealing access data, a user outside the conversation can become part of itand put the security and privacy of our environment at risk.
The company responsible for Zoom is already aware of the problem and is working on a solution that avoids the problem with the conversation in links the call routes. While the fix arrives, network administrators can disable the automatic submission of credentials for logins, although this may pose some issues.
To do so, they must access the Device Configuration and within it Device Configuration Windows and Security Settings Look for the section Security Optionsand inside go to Network security: restrict NTML: outgoing NTML traffic to remote servers where you must check the option Deny all "
Another solution for users is to modify the value in the registry in the path HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 and add a value called RestrictSendingNTLMTraffic, to which they will have to give the value 2.
Zoom is back under scrutiny, as we must remember that a few days ago the ZOOM app came to light in iOS it sent user analytics data to Facebook, even if they did not have an account on the social network.
Via | Bleeping Computer
