Security News > 2020 > January > Zoom Bug Could Have Let Uninvited People Join Private Meetings

Besides hosting password-protected virtual meetings and webinars, Zoom also allows users to set up a session for non-pre-registered participants who can join an active meeting by entering a unique Meeting ID, without requiring a password or going through the Waiting Rooms.

To circumvent such scenarios, Zoom late last year introduced some additional controls under the password settings for meetings and webinars, which according to Check Point, was the result of research on security loophole the security firm responsibly reported to the company in July 2019.

"A hacker could pre-generate a long list of Zoom Meeting IDs, use automation techniques to quickly verify if a respective Zoom Meeting ID was valid or not, and then gain entry into Zoom meetings that were not password protected," researchers claimed.

Default Passwords ⁠- Zoom now, by default, automatically generates a six-digit numeric password for each meeting you create that participants need to enter when joining by manually entering the meeting ID. Account and Group Level Password Enforcement - Under new controls, three new password settings are now enforceable at the account, group, and user levels by the account admin.

Meeting ID Validation - Zoom will no longer automatically indicate if a meeting ID is valid or invalid, making it harder for automated scripts to determine active meetings.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/diw7xXDLpJc/zoom-meeting-password.html