Zoom bug allowed attackers to crack private meeting passwords

silversurfer · Thread author · Aug 17, 2014 · 10,151
A lack of rate limiting on repeated password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings as discovered by Tom Anthony, VP Product at SearchPilot.

"Zoom meetings are (were) default protected by a 6-digit numeric password, meaning 1 million maximum passwords," as Anthony discovered.

The vulnerability he spotted in the Zoom web client allowed attackers to guess any meeting's password by trying all possible combinations until finding the correct one.

"This enables an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people’s private (password protected) Zoom meetings," he says.
"This also raises the troubling question as to whether others were potentially already using this vulnerability to listen in to other people's calls."
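The issue Anthony describes is the absence of a failure budget: a 6-digit numeric passcode has only 1,000,000 values, so the check itself must refuse to keep comparing guesses. The following is an added illustration written for this thread, not Zoom's code or Anthony's. It models a passcode check with two budgets, one per (meeting, client) and one per meeting across all clients, and a deterministic simulation showing that a single client gets only a handful of comparisons before being refused, and that spreading guesses over many clients trips the per-meeting budget instead. The meeting ID, passcode, client addresses and all limits are constructed for the example.

```python
import hmac
import time
from collections import defaultdict

PASSCODE_SPACE = 10 ** 6  # 6-digit numeric passcode: 1,000,000 candidates, as in the thread


class PasscodeGate:
    """Passcode check with per-client and per-meeting failure budgets.

    Per client: after max_client_failures wrong guesses inside window_seconds,
    that client is refused for lockout_seconds.
    Per meeting: after max_meeting_failures wrong guesses from any client
    inside window_seconds, the whole meeting refuses passcode attempts for
    lockout_seconds (covers guesses spread over many clients).
    All limits are assumed defaults for this example, not Zoom's settings.
    """

    def __init__(self, passcodes, max_client_failures=5, max_meeting_failures=50,
                 window_seconds=60.0, lockout_seconds=300.0, clock=time.monotonic):
        self.passcodes = passcodes          # meeting_id -> passcode (constructed data)
        self.max_client_failures = max_client_failures
        self.max_meeting_failures = max_meeting_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(list)  # key -> timestamps of recent failures
        self._locked_until = {}             # key -> time at which the lockout ends

    def _recent(self, key, now):
        """Drop failures that fell out of the sliding window and return the rest."""
        kept = [t for t in self._failures[key] if now - t < self.window_seconds]
        self._failures[key] = kept
        return kept

    def _locked(self, key, now):
        return self._locked_until.get(key, 0.0) > now

    def _record_failure(self, key, now, limit):
        recent = self._recent(key, now)
        recent.append(now)
        if len(recent) >= limit:
            self._locked_until[key] = now + self.lockout_seconds

    def check(self, meeting_id, client, guess):
        """Return 'ok', 'wrong' or 'locked'. A locked attempt is never compared."""
        now = self.clock()
        client_key = (meeting_id, client)
        if self._locked(client_key, now) or self._locked(meeting_id, now):
            return "locked"
        expected = self.passcodes.get(meeting_id, "")
        # constant-time compare so response time does not depend on how much matched
        if hmac.compare_digest(expected.encode(), guess.encode()):
            return "ok"
        self._record_failure(client_key, now, self.max_client_failures)
        self._record_failure(meeting_id, now, self.max_meeting_failures)
        return "wrong"


class FakeClock:
    """Deterministic clock so the simulation below is reproducible."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Run the gate against constructed traffic and return the observed outcomes."""
    clock = FakeClock()
    meeting = "123-456-789"  # constructed meeting ID
    gate = PasscodeGate({meeting: "483920"}, clock=clock)  # constructed passcode
    results = {}
    # one client sends seven wrong guesses: five are compared, then it is refused
    results["single_client"] = [gate.check(meeting, "203.0.113.7", f"00000{i}") for i in range(7)]
    # even the correct passcode is refused while that client's lockout is in force
    results["correct_during_lockout"] = gate.check(meeting, "203.0.113.7", "483920")
    clock.advance(gate.lockout_seconds + 1)
    results["correct_after_lockout"] = gate.check(meeting, "203.0.113.7", "483920")
    # fifty wrong guesses from fifty different clients exhaust the per-meeting budget
    for i in range(50):
        gate.check(meeting, f"198.51.100.{i}", "999999")
    results["fresh_client_after_spread"] = gate.check(meeting, "198.51.100.250", "483920")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With these (assumed) limits a single client gets five comparisons per window instead of a million, and the per-meeting budget means that distributing guesses across clients does not restore the full keyspace; the cost is that a locked meeting needs another admission path (host admission from a waiting room, for instance) so legitimate attendees are not stranded.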

Ink · Administrator · Jan 8, 2011 · 22,361
Zoom is another household name we'll have to get used to, just like Skype or Hangouts. It also seems like there have been more vulnerabilities for Zoom than Flash player in the past 6 months.

These apps and services are so poorly designed that once they gain any sort of popularity, they break to show how weak they actually are.

Eggnog · Mar 21, 2018 · 108
I have a feeling Zoom will tighten things up now that so many are starting to rely on them due to the pandemic. My organization is now using it extensively for a variety of purposes. I've noticed they've been updating it a lot since we first began using it back in March.

show-Zi · Jan 28, 2018 · 2,463
I think there are many people who have introduced this software because of the sudden telecommuting. For an intruder, finding a vulnerability in the software at this time can be a "blessed rain" that falls just before harvest. It is the software that most needs security attention.

Stopspying · Jan 21, 2018 · 814
Ink said:
Zoom is another household name we'll have to get used to, just like Skype or Hangouts. It also seems like there have been more vulnerabilities for Zoom than Flash player in the past 6 months.
These apps and services are so poorly designed that once they gain any sort of popularity, they break to show how weak they actually are.

Totally agree with this. Several months ago there were numerous posts being made about Zoom vulnerabilities, many reported here; the poor coding continues to be exposed and probably will be for a long time to come. Yet Zoom continues to be the go-to app for this type of use; despite all the warnings, the wider internet, with its herd-of-sheep mentality, continues to use it. We've seen this same behaviour pattern since the internet started to grow.

It's a job creation project run by IT experts! There's usually a silver lining for some!

upnorth · Moderator · Jul 27, 2015 · 5,459