Hi @zoom_us & @NCSC – here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use in SMBRelay attacks. The screen shot below shows an example UNC path link and the credentials being exposed (redacted). pic.twitter.com/gjWXas7TMO
— Hacker Fantastic (@hackerfantastic) March 31, 2020
As reported by Bleeping Computer, the vulnerability stems from the fact that Zoom automatically converts every URL sent in a chat message into a clickable hyperlink. It currently fails to distinguish real URLs from Windows networking UNC paths and converts both indiscriminately. If a user clicks a UNC path link, Windows attempts to connect to the remote host over SMB and, as part of NTLM authentication, sends the user's login name and NTLM password hash to the attacker-controlled server.
The researchers also released a proof-of-concept demo showing not only that the password hashes can be sent to third-party servers, but that they can then be cracked with free tools such as Hashcat, potentially putting millions of users at risk. As if that were not bad enough, Hickey also claims that the same mechanism can be used to launch programs on the local computer.
The problem remained unresolved as of Tuesday, but Hickey says Zoom can easily mitigate it by no longer converting UNC paths into clickable links. "Zoom should not render UNC paths as hyperlinks is the fix, I have notified Zoom as I disclosed it on Twitter", he told Bleeping Computer. Zoom has yet to release a fix, but there are a couple of manual workarounds using the Group Policy Editor and the Windows Registry. You can check them out on Bleeping Computer.
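The following is an added example, not Zoom's code: a chat-message renderer in the over-broad form the article describes (anything link-shaped, UNC paths included, becomes an anchor) beside the fix Hickey proposes (only an allowlist of web schemes is ever linkified), plus a scanner that flags UNC paths in message text so a defender can spot them in exported chat logs. The sample messages and the 203.0.113.5 host are constructed for the demo.

```python
import html
import re

# Constructed sample chat lines (203.0.113.x is a documentation range, not a real host).
SAMPLE_MESSAGES = [
    "agenda: https://example.com/notes",
    r"slides here \\203.0.113.5\share\deck.pptx",
]

# Vulnerable behaviour: any token with a URL scheme OR a leading \\ is treated as a link.
ANY_LINK_RE = re.compile(r"(?:[a-z][a-z0-9+.\-]*://|\\\\)\S+", re.IGNORECASE)

# Hardened behaviour: only http(s) URLs are ever rendered as clickable links.
HTTP_URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Windows UNC path (\\host\share\...). Used only to flag messages, never to link them.
UNC_RE = re.compile(r"\\\\[^\s\\]+\\\S*")


def _render(text: str, link_re: re.Pattern) -> str:
    """Escape the message and wrap every match of link_re in an <a href> anchor."""
    out, pos = [], 0
    for m in link_re.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        target = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{target}">{target}</a>')
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def linkify_vulnerable(text: str) -> str:
    """Before the fix: a \\host\share path is emitted as a clickable anchor."""
    return _render(text, ANY_LINK_RE)


def linkify_hardened(text: str) -> str:
    """After the fix: UNC paths stay plain text; only http(s) URLs become anchors."""
    return _render(text, HTTP_URL_RE)


def find_unc_paths(text: str) -> list:
    """Detection helper: return every UNC path found in a chat message."""
    return UNC_RE.findall(text)


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print("vulnerable:", linkify_vulnerable(msg))
        print("hardened:  ", linkify_hardened(msg))
        print("UNC paths: ", find_unc_paths(msg))
```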