- Jul 27, 2015
- 5,459
One of the features of Zoom is the ability to create a ‘Vanity URL,’ which is described on the Zoom website as: A Vanity URL is a custom URL for your company, such as yourcompany.zoom.us. In addition, the organization can add a dedicated and customized website for this service.
The Vanity URL mechanism allows organizations to create a customized version of Zoom’s invitations links. Prior to Zoom’s fix, an attacker could have attempted to impersonate an organization’s Vanity URL link and send invitations which appeared to be legitimate to trick a victim. In addition, the attacker could have directed the victim to a sub-domain dedicated website, where the victim entered the relevant meeting ID and would not be made aware that the invitation did not come from the legitimate organization.
Fixing the Zoom ‘Vanity Clause’ – Check Point and Zoom collaborate to fix Vanity URL issue - Check Point Software
Research by: Adi Ikan, Liri Porat and Ori Hamama Introduction As the world starts to emerge from Coronavirus-related lockdowns, and organizations continue
blog.checkpoint.com