WinZip 24 Insecure Communication

While examining WinZip’s network communications during update checks, researchers found that the WinZip archiver was vulnerable to several attacks because it used unsecured HTTP. Any threat actor can easily exploit this by serving a rogue “update.”

WinZip is currently at version 25, but version 24 checks the server for updates over an unencrypted link, a vulnerability that could be exploited by a malicious actor. It also emerged that registration data, such as the username and registration code, was transferred via HTTP.

WinZip has long served Windows users whose file archiving requirements go beyond the support built into the operating system. Martin Rakhmanov, a security expert at Trustwave, asserted that a user who thinks they are getting a new version could end up running the malicious code.

In addition, one of the trial versions of WinZip displays a popup from time to time, and the popup’s main content is loaded over HTTP, where it could easily be altered by an attacker on the network.

First Finding

In the first finding, the report notes that HTTP is unencrypted clear text, so it can be intercepted, manipulated, or hijacked by anyone able to see that traffic. This means that anyone on the same network as a user running a vulnerable version of WinZip can use techniques such as DNS poisoning to trick the application into fetching “update” files from a malicious web server rather than the legitimate WinZip update host.

The application also sends sensitive data, such as the registered username, registration code, and some other data, in the query string as part of the update request.
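The following added example (not taken from the Trustwave report or from WinZip) shows how a defender could scan web proxy logs for the pattern described in this finding: cleartext HTTP requests whose query string carries registration-style fields. The log format, host names, values and parameter-name hints are constructed assumptions, since the page does not give the real field names.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter-name hints; the page does not list WinZip's real field names.
SENSITIVE_HINTS = ("user", "name", "reg", "serial", "license", "licence", "key", "code")

# Constructed proxy log format: "<timestamp> <client-ip> <method> <url>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed sample traffic (hosts and values are made up for illustration).
SAMPLE_LOG = """\
2020-12-10T09:14:02Z 10.0.0.23 GET http://updates.example.test/check?ver=24.0&username=Alice%20Smith&regcode=ABCDE-12345
2020-12-10T09:14:05Z 10.0.0.23 GET https://updates.example.test/check?ver=25.0&username=Alice%20Smith&regcode=ABCDE-12345
2020-12-10T09:15:40Z 10.0.0.31 GET http://cdn.example.test/popup.html?lang=en
# rotated
"""


def find_cleartext_leaks(log_text):
    """Return one finding per cleartext HTTP request with sensitive-looking query fields."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url = m.groups()
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # only cleartext requests are readable on the wire
        leaked = sorted({
            key for key, _value in parse_qsl(parts.query, keep_blank_values=True)
            if any(hint in key.lower() for hint in SENSITIVE_HINTS)
        })
        if leaked:
            # Report field names only, so the finding does not copy the secret values.
            findings.append({"time": ts, "client": client,
                             "host": parts.hostname, "fields": leaked})
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_leaks(SAMPLE_LOG):
        print(finding)
```

Hosts that show up in the findings are candidates for having their update checks disabled or the software upgraded, as described under Mitigations.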

Second Finding

In the second finding, WinZip 24 opens a popup window from time to time while running in Trial mode. The content of these popups is HTML with JavaScript, and it is also retrieved over HTTP.

This makes the content easy to manipulate for a network-adjacent threat actor. As in the previous case, malicious actors can easily exploit this issue to execute arbitrary code.

Mitigations

The experts have provided some mitigations: WinZip users can mitigate these issues by upgrading to the latest version of WinZip.

This version properly uses HTTPS and is no longer vulnerable to these sorts of attacks. Users who can’t upgrade should opt out of the update checks and look for one of the verified updates.

However, many users may not be able to afford the new release, as the upgrades are paid. The standard WinZip costs $35.64, and the Pro edition costs $59.44. These users are advised to disable the update checks instead.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.