These attacks don’t require a cracking technique to convert the hash to its corresponding plain-text password. That leaves the networks open to so-called SMBRelay attacks, that can be used to gain unauthorized access to various resources.
#Zoom windows client windows
Typically, resources on a Windows network will accept the Net-NTLM-v2 hash when authenticating a device. AdvertisementĪttackers can then use the credentials to access shared network resources, such as Outlook servers and storage devices. In the event that targets click on those links on networks that aren’t fully locked down, Zoom will send the Windows usernames and the corresponding Net-NTLM-v2 hashes to the address contained in the link. The Zoom app for Windows automatically converts these so-called universal naming convention strings-such as \\/C$-into clickable links. Embed network location hereĪttacks work by using the Zoom chat window to send targets a string of text that represents the network location on the Windows device they’re using. Many of these home users are connecting to sensitive work networks through temporary or improvised means that don’t have the benefit of enterprise-grade firewalls found on-premises. With massive numbers of people working from home, they rely on Zoom to connect with co-workers, customers, and partners.
#Zoom windows client software
Users of Zoom for Windows beware: the widely used software has a vulnerability that allows attackers to steal your operating system credentials, researchers said.ĭiscovery of the currently unpatched vulnerability comes as Zoom usage has soared in the wake of the coronavirus pandemic. What follows is the Ars post as it appeared earlier on Wednesday: Wednesday's post also said that the UNC vulnerability described in this post, and a separate pair of vulnerabilities researcher Patrick Wardle found in Zoom for macOS, have been fixed. The video conferencing company also said it was enacting a feature freeze for the next 90 days so it could focus on securing the features that are already in place. Update: 9:47 California time On late Wednesday, Zoom officials said that the UNC bug and a separate pair of bugs disclosed by researcher Patrick Wardle had been fixed. Christopher Blizzard reader comments 114 with
0 kommentar(er)
