5/30/2023

What is zoom chat

Sending a very specific stanza, which he detailed, results in creating a ClusterSwitch task in the Zoom client with an attacker-controlled web domain as a parameter.

Creating a man-in-the-middle (MITM) server to exploit this bug also revealed a bunch of data from the /clusterswitch endpoint, including a list of domains for various Zoom services. However, Fratric noted the "most impactful vector" in the stanza smuggling vulnerability can allow an attacker to exploit the cluster switch.

XMPP stanza smuggling can be used for a variety of nefarious purposes - everything from spoofing messages to make them look like they are coming from a different user to sending control messages that will be accepted as if they are coming from the server.