Another vulnerability in Zoom allows hackers to steal Windows username, password

By Xite - April 2, 2020
Infamous app Zoom has two new issues: one can allow hackers to easily steal the Windows username and password of the participants and the other is leaking email addresses and photos to strangers.

Zoom, a video conferencing app that became infamous for sharing analytics data with Facebook, is once again in the news for an alleged vulnerability. Zoom automatically converts all links into clickable links, including network paths. So if a stranger, who could easily join a large chat session, posts such a link and a chat participant clicks on it, hackers can easily steal that participant's Windows username and password.
According to a report by mspoweruser, when a chat participant clicks on a malicious link, Windows automatically tries to log in, or logs in, to that network, sending the username and the NTLM password hash, which can easily be cracked (NTLM is an authentication protocol by Microsoft). Zoom has been apprised of the issue.
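The behaviour described above comes down to how a chat client decides which text becomes clickable. The following Python chat renderer is an added example, not code from the article or from Zoom: it makes only http(s) URLs clickable, leaves network paths as inert text, and flags messages that contain them. The function names, regular expressions and sample messages are assumptions constructed for illustration.

```python
import html
import re

# Network paths: \\host\share\... and the equivalent file://host/... form.
# Both patterns are assumptions for this example, not Zoom's own rules.
UNC_RE = re.compile(r'(?:\\\\[^\\/\s]+\\[^\s]*|file://[^/\s]+/[^\s]*)', re.IGNORECASE)
WEB_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

# Constructed sample chat: (sender, message text).
SAMPLE_CHAT = [
    ("alice", "Agenda is at https://example.test/agenda"),
    ("guest42", r"Slides here: \\files.example.test\share\slides.pptx"),
    ("bob", "Thanks <all>!"),
]


def find_network_paths(message: str) -> list[str]:
    """Return every network path that appears in a chat message."""
    return UNC_RE.findall(message)


def linkify(message: str) -> str:
    """Render a message as HTML. Only http(s) URLs become links;
    everything else, network paths included, is escaped plain text."""
    out, pos = [], 0
    for m in WEB_RE.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}" rel="noopener noreferrer">{url}</a>')
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out)


def flag_messages(chat):
    """Return (sender, paths) for each message that contains a network path,
    so a moderator or logging pipeline can review it."""
    flagged = []
    for sender, text in chat:
        paths = find_network_paths(text)
        if paths:
            flagged.append((sender, paths))
    return flagged


if __name__ == "__main__":
    for sender, text in SAMPLE_CHAT:
        print(f"{sender}: {linkify(text)}")
    print("flagged:", flag_messages(SAMPLE_CHAT))
```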



Meanwhile, another flaw in Zoom is that it seems to leak email addresses and photos, and allows some users to initiate a video call with strangers. According to Vice, this is because of a feature called ‘Company Directory’ that allows users to add others in the same domain. This makes it easier for employees to call one another. However, the feature is reportedly treating some private domains as part of a company and adding random people in the domain.

This is a matter of grave concern because office-goers globally are using the app extensively due to the work-from-home mandate. In India, Zoom has become the top app in the free section of the Google Play Store. It is being used more than other popular apps, like WhatsApp, TikTok, and Instagram. As per Apptopia, the daily downloads of the video conferencing app increased from around 1,70,000 in the middle of February to nearly 2.5 million by the end of March.
