
Zoom security bug lets attackers steal Windows passwords - sturza
https://mashable.com/article/zoom-vulnerability-windows-passwords/
======
zrobotics
"The problem lies with the way Zoom's chat handles links, as it converts
Windows networking UNC (Universal Naming Convention) paths into clickable
links."

This is deeply concerning, but I feel this should really be looked at more as
a Windows bug than a Zoom issue. I get that UNC is mainly intended for local
networking, but why is the (encoded) user password included in the string?
This just seems like a huge security vulnerability, it wouldn't surprise me at
all if this bug is exploitable in many other applications besides Zoom.

------
jlgaddis
Different article, same subject:
[https://news.ycombinator.com/item?id=22748379](https://news.ycombinator.com/item?id=22748379)

