Security News > 2020 > January > Zoom Fixes Flaw That Could Allow Strangers Into Meetings

Zoom Fixes Flaw That Could Allow Strangers Into Meetings
2020-01-30 11:03

Zoom Video Communications has fixed a vulnerability that - under certain conditions - could have allowed an uninvited third party to guess a Zoom meeting ID and join a conference call.

The flaw was due, in part, to an attacker potentially being able to guess a valid Zoom meeting ID, according to Alexander Chailytko, a research and innovation manager at Check Point, who notes that all Zoom meeting IDs have nine to 11 digits.

First, Zoom now makes meetings password-protected by default, Check Point writes.

According to guidance issued by Zoom it appears that Zoom administrators can permanently disable that default.

Earlier last year, security researcher Jonathan Leitschuh found a bug that could be used to suddenly launch Zoom's client and force someone to join a conference call - and, depending on how Zoom was configured, add them with their video camera enabled.


News URL

https://www.inforisktoday.com/zoom-fixes-flaw-that-could-allow-strangers-into-meetings-a-13665

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 52 4 50 57 9 120