Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes

2020-07-30 03:40

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants.

Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "An attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people's private Zoom meetings."

It's worth noting that Zoom began requiring a passcode for all meetings back in April as a preventive measure to combat Zoom-bombing attacks, which refers to the act of disrupting and hijacking Zoom meetings uninvited to share obscene and racist content.

Anthony reported the security issue to the company on April 1, 2020, along with a Python-based proof-of-concept script, a week after which Zoom patched the flaw on April 9.

Following the findings, Zoom took the web client offline to mitigate the issues on April 2 before issuing a fix a week later.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/HxAFTzFPylY/zoom-meeting-password-hacking.html

#crack #zoom

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Zoom		51	4	50	57	8	119