![]() Users can able to add a password to already-scheduled future meetings and received instructions by email on how to do so.Passwords are added by default to all future scheduled meetings.In response, Zoom took the following actions: Force hosts to use passwords\PINs\SSO for authorization purposes.Increase the number of digits\symbols in the Meeting IDs.Replace the randomization function with a cryptographically strong one.Re-implement the generation algorithm of Meeting IDs.The firm contacted Zoom on July 22 last year and proposed several mitigations, including: ![]() The firm pre-generated a list of potentially valid Zoom Meeting IDs, took 1,000 random IDs and prepared the URL string for joining the meeting.īut how could we determine if a Zoom Meeting ID represented a valid meeting or not? We discovered a fast and easy way to check this based on the following “ div” element present in the HTML Body of the returned response, when accessing “ Join Meeting” URL (’.format(response.url))Īccording to Check Point, its researchers were able to predict about 4% of generated Meeting IDs. If a user didn’t’ enable the “Require meeting password” option of enabled Waiting Room, the nine-to-11-digit meeting IDs were the only thing securing a meeting and preventing an unauthorized person from listening in. A vulnerability in teleconferencing app Zoom would have allowed a malicious actor to identify and join in on active meetings, Check Point Research says in a new report.Īccording to the cybersecurity research firm Check Point Research, the problem had to do with Zoom Meeting IDs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |