How to fix Zoom’s Windows 10 user-info and password-leak problems

The Zoom client has a vulnerability that can leak your Windows 10 sign-in information, and until there’s a permanent fix, you can use this workaround.


As the health crisis continues around the world, many people are turning to Zoom to communicate using voice and video with colleagues to work from home and stay connected with family and friends. However, a new vulnerability has recently been discovered in the desktop application by security researcher Matthew Hickey (@HackerFantastic) and Twitter user Mitch (@g0dmode) that could allow hackers to obtain people’s Windows login name and password.

According to an investigation published by BleepingComputer, the problem is caused by how the Zoom client handles a Uniform Resource Locator (URL). When you use the Zoom chat, any URL you send is converted into a hyperlink (for example,

), which is convenient to open websites using the default web browser.

The only caveat is that if you send a Universal Naming Convention (UNC) path (for example,

), Zoom will also convert the path into an actionable link. If anyone clicks the link, Windows 10 (or another version) will try to connect to a remote host using the Server Message Block (SMB) network file-sharing protocol. When this happens, the system will also send your sign-in name and NT LAN Manager (NTLM) credential hash.

Although the hash containing your username and password is not sent in clear text, the information can be obtained within seconds using many tools freely available online. In addition to someone stealing your credentials, malicious individuals can also use this vulnerability to launch applications on the local device when the link is clicked.

In this Windows 10 guide, we’ll walk you through the steps to temporarily fix the security vulnerability that could allow attackers to obtain your device sign-in credentials until there’s a permanent fix.


How to fix Zoom sign in credential leak using Group Policy

If you’re running Windows 10 Pro (or Enterprise), the easiest way to prevent the credential leak vulnerability while using Zoom is using the Local Group Policy Editor.

To prevent sending your credentials to a remote server with Zoom, use these steps:

Important: This is a temporary workaround. If you configure this policy on a computer joined to a domain or on a device connected to a file-sharing server, such as Network Attached Storage (NAS), you’ll have problems accessing the files on the remote computer.

Once you complete the steps, when using the Zoom client app on Windows 10, the sign-in NTLM credentials won’t be sent to a remote host when accessing a share.

If you change your mind, you can roll back the previous settings using the same instructions, but on step No. 5, select the Allow all option.

Configuring an exception (optional)

If you’re configuring this policy on a device that needs to connect to a remote server, you can create an exception to access the files or service with these steps:

After you complete the steps, Zoom should no longer send your Windows sign-in credentials to a remote host, and you should be able to continue accessing files on a remote server.

When you no longer need this configuration, you can undo the changes with the same instructions, but on step No. 5, make sure to clear the exception list.

How to fix Zoom sign in credential leak using Registry

In the case you’re running Windows 10 Home, you won’t have access to the Local Group Policy Editor, but you can prevent Zoom from sending your credentials to a remote host by modifying the Registry.

Warning: This is a friendly reminder that editing the Registry is risky, and it can cause irreversible damage to your installation if you don’t do it correctly. It’s recommended to make a full backup of your PC before proceeding. Also, this is a temporary workaround. If you configure this policy on a computer connected to a file-sharing server, such as Network Attached Storage (NAS), you likely won’t be able to access files on the remote server.

To prevent leaking your device sign-in information when using Zoom, use these steps:

After you complete the steps, the Zoom client should no longer send your NTLM credentials over the network to a remote host that someone can use to steal your device sign-in information.

You can always revert the changes by using the same instructions, but on step No. 5, make sure to right-click the RestrictSendingNTLMTraffic key and select the Delete option.

Configuring an exception (optional)

If you’re configuring this policy on a device that needs to connect to a remote server, you can create an exception to access the files or service with these steps:

Once you complete the steps, you should be able to continue accessing files on a remote server while stopping the Zoom desktop client from potentially sending your NTLM credentials over the network.

When you no longer need the configuration, you can undo the changes by using the same instructions, but on step No. 5, make sure to right-click the ClientAllowedNTLMServers key and select the Delete option.
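The Registry workaround and its optional exception list, as an added PowerShell example (not part of the original article): it reports the current outgoing-NTLM setting and, when run with `-Apply` from an elevated prompt, sets the deny value and any exceptions. The key path and the 0/1/2 value meanings come from Microsoft's documentation of the "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy rather than from this page; the parameter names and the `nas01` server name are hypothetical.

```powershell
# Added example: audit (and optionally apply) the outgoing-NTLM restriction.
# Assumption: $key is the documented Windows location of the two values
# named in the article (RestrictSendingNTLMTraffic, ClientAllowedNTLMServers).
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Apply,                   # write "Deny all" (needs an elevated prompt)
    [string[]]$AllowedServers = @()   # hypothetical exceptions, e.g. 'nas01'
)

$key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$labels = @{ 0 = 'Allow all'; 1 = 'Audit all'; 2 = 'Deny all' }

function Get-NtlmOutboundState {
    $p   = Get-ItemProperty -Path $key -ErrorAction Stop
    $raw = $p.RestrictSendingNTLMTraffic   # $null when the value is absent
    [pscustomobject]@{
        Value      = $raw
        Setting    = if ($null -eq $raw) { 'Not configured' } else { $labels[[int]$raw] }
        # Drop the $null that appears when no exception list exists.
        Exceptions = @($p.ClientAllowedNTLMServers | Where-Object { $_ })
        Protected  = ($raw -eq 2)
    }
}

if ($Apply -and $PSCmdlet.ShouldProcess($key, 'Set RestrictSendingNTLMTraffic = 2')) {
    # -Force overwrites an existing value instead of failing.
    New-ItemProperty -Path $key -Name RestrictSendingNTLMTraffic `
        -PropertyType DWord -Value 2 -Force | Out-Null
    if ($AllowedServers.Count -gt 0) {
        # REG_MULTI_SZ: one server name per entry.
        New-ItemProperty -Path $key -Name ClientAllowedNTLMServers `
            -PropertyType MultiString -Value $AllowedServers -Force | Out-Null
    }
}

$state = Get-NtlmOutboundState
$state | Format-List

if (-not $state.Protected) {
    Write-Warning 'Outgoing NTLM is not denied: a clicked UNC link can still send the NTLM hash.'
} elseif ($state.Exceptions.Count -gt 0) {
    Write-Warning "NTLM is still sent to: $($state.Exceptions -join ', ')"
}
```

Run it without arguments to check a machine, or add `-WhatIf` alongside `-Apply` to preview the change before writing it.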

Mauro Huculak has been a Windows How-To Expert contributor for WindowsCentral.com for nearly a decade and has over 15 years of experience writing comprehensive guides. He also has an IT background and has achieved different professional certifications from Microsoft, Cisco, VMware, and CompTIA. He has been recognized as a Microsoft MVP for many years.