Zoom Cloud Meetings Windows Client | Version: 4.6.11 (20559.0413) Memory Heap Inspection Vulnerability
CVSS3.0: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N Severity: 4.0 (Medium)
Overview
The Windows application of the Zoom Cloud Meetings software contains a vulnerability: the e-mail
address and plain text password are not removed from memory, so they could be exposed to an
attacker using a heap inspection attack that reads the sensitive data using memory dumps or
other methods.
PoC
The attacker must be able to access the computer, and must be able to create memory dumps of
the running processes. Once the dump has been created, the attacker can simply search for the
string 'name="', and the password is revealed.
The screenshot below shows that the application is logged out, but the password is still
available in memory.
Impact
Total account compromise is possible if two-factor authentication is disabled on the account.
Disclosure Timeline and further notes
- First attempt to contact developer: 04/14/2020 (Request opened with ID #4302833)
- Second attempt to contact developer: 05/02/2020 (Request opened with ID #5100257)
- Third attempt to contact developer: 07/04/2020 (Request opened with ID #6559378)
I still have not received any updates on my reports.
I requested a CVE number on
Any updates will be posted here.
08/10/2020 Update:
In the latest release of the Zoom client, the credentials can be dumped only while the user is logged in.
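
The difference between releasing a credential buffer at logout and wiping it first, as an added example that is not Zoom's code and not part of the original advisory. A fixed arena stands in for the process heap (an assumption, so the self-test can scan it after logout), and all function names and the sample password are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the process heap: a fixed arena that can be
   scanned after release without reading freed memory. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

/* Wipe through a volatile pointer so the compiler cannot discard the
   stores as dead writes (SecureZeroMemory plays this role on Windows). */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Login: copy the credential into the arena; NULL if it does not fit. */
char *cred_store(const char *secret) {
    size_t n = strlen(secret) + 1;
    if (n > ARENA_SIZE - arena_used) return NULL;
    char *p = (char *)arena + arena_used;
    arena_used += n;
    memcpy(p, secret, n);
    return p;
}

/* Logout: wipe=0 models release without clearing (the reported
   behaviour); wipe=1 zeroes the bytes before the storage is reused. */
void cred_release(char *p, int wipe) {
    if (p && wipe) secure_wipe(p, strlen(p) + 1);
    arena_used = 0;
}

/* Self-test helper: is the secret still present anywhere in the arena? */
int arena_contains(const char *secret) {
    size_t n = strlen(secret);
    for (size_t i = 0; n && i + n <= ARENA_SIZE; i++)
        if (memcmp(arena + i, secret, n) == 0) return 1;
    return 0;
}

/* Returns 1 if the secret survives logout, 0 if it is gone. */
int residue_after_logout(const char *secret, int wipe) {
    memset(arena, 0, sizeof arena);
    arena_used = 0;
    cred_release(cred_store(secret), wipe);
    return arena_contains(secret);
}
```

A check like residue_after_logout can run in a regression test so that a credential left behind after logout fails the build.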