Prying-Eye Vulnerability Exposes Online Meetings to Snooping

Web-conferencing users who don't assign passwords could be having online meetings with more people than they think, according to new research.

The Cequence CQ Prime Threat Research team today announced its discovery in July 2019 of a vulnerability in the Cisco Webex and Zoom video-conferencing platforms that potentially exposes millions of online meetings to snooping.

By launching an enumeration attack that targets web-conferencing APIs with a bot that cycles through (enumerates) and discovers valid numeric meeting IDs, threat actors could exploit the vulnerability to view and listen to active meetings that haven't been protected by a password. 
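
On the defensive side, this pattern can be spotted in API access logs: one client looking up many distinct meeting IDs in a short time, most of which do not exist. The following is an added example, not code from Cequence or the vendors; the record fields, thresholds and sample log entries are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune against real traffic before alerting on them.
WINDOW_S = 60          # sliding window length in seconds
MAX_DISTINCT = 5       # distinct meeting IDs one client may look up per window
MAX_MISS_RATIO = 0.5   # share of lookups in the window that hit no valid meeting


def detect_enumeration(events):
    """Flag clients whose lookups resemble meeting-ID enumeration.

    events: iterable of (ts_seconds, client, meeting_id, found), sorted by ts.
    'client' is whatever identifies the caller (IP, API token); hypothetical field.
    Returns {client: timestamp at which it first crossed both thresholds}.
    """
    windows = defaultdict(deque)
    flagged = {}
    for ts, client, meeting_id, found in events:
        win = windows[client]
        win.append((ts, meeting_id, found))
        # Drop lookups that have aged out of the sliding window.
        while ts - win[0][0] > WINDOW_S:
            win.popleft()
        distinct = {m for _, m, _ in win}
        misses = sum(1 for _, _, ok in win if not ok)
        if (client not in flagged
                and len(distinct) > MAX_DISTINCT
                and misses / len(win) > MAX_MISS_RATIO):
            flagged[client] = ts
    return flagged


def sample_events():
    """Constructed log records: one normal attendee, one enumerating client."""
    # Attendee re-joining the same meeting three times: one ID, always valid.
    ev = [(t, "198.51.100.20", "482913377", True) for t in (0, 20, 40)]
    # Client walking consecutive IDs once per second; only one of them exists.
    ev += [(10 + i, "203.0.113.7", str(600000000 + i), i == 6) for i in range(10)]
    return sorted(ev)


if __name__ == "__main__":
    for client, ts in detect_enumeration(sample_events()).items():
        print(f"possible meeting-ID enumeration from {client} at t={ts}s")
```

Keying on a single client identifier misses a bot that spreads lookups across many addresses, so the same counters are worth keeping per API token and for the endpoint as a whole.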

"In targeting an API instead of a web form fill, bad actors are able to leverage the same benefits of ease of use and flexibility that APIs bring to the development community," said Shreyans Mehta, Cequence Security CTO and co-founder.

"In the case of the Prying-Eye vulnerability, users should embrace the shared responsibility model and take advantage of the web-conferencing vendors’ security features to not only protect their meetings but also take the extra step of confirming the attendee identities."

Following best practices on vulnerability disclosures, the CQ Prime team notified the impacted vendors and gave them time to validate and respond to the findings.

Richard Farley, CISO of Zoom Video Communications, Inc., said: "Zoom has improved our server protections to make it much harder for bad actors or m ..
