

Zoom was quick to address the vulnerability, adding rate limiting and improving the poor password system in the first week of April, after Anthony reported the flaw to the company on the first of the month.

Zoom users appear unlikely to have changed the default six-digit numeric password to one with the maximum ten characters allowed, which could be alphanumeric, opening up the possibility of eavesdropping on conferences with relative ease.

Anthony speculated that he wasn't the first to have discovered the flaw, since there was a user called "iPhone" with camera and microphone turned off in the UK PM's cabinet Zoom call. It is possible to change the default six-digit password, but only for scheduled Zoom meetings and not for spontaneous ones. Making matters worse, Zoom had not put a rate limit on repeated password guesses, and Anthony also discovered other issues that made the attack work on scheduled meetings as well. The six digits meant a maximum of one million passwords, a low number of possibilities that could be guessed by brute force within a few minutes using four to five cloud servers to do the work, Anthony wrote.

Zoom technical support can be requested via the service desk.

Anthony was among several who noticed that the screenshot had the Zoom meeting identifier visible.

Apart from the meeting ID, the link for the meeting also contained an automatically generated six-digit hashed password, Anthony noticed.
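The sketch below is an added example, not code from the article and not Zoom's actual fix. It shows why a limit on password guesses has to be keyed on the meeting rather than on the client when guesses can be spread over several servers. The class name, the policy values (10 failures per 10 minutes) and the meeting ID and host names are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

KEYSPACE = 10 ** 6   # default six-digit numeric password, as described above


class MeetingGuessLimiter:
    """Throttle failed password attempts per meeting ID, not per client.

    Hypothetical policy values. Keying on the meeting means guesses spread
    over several source hosts still draw on one shared budget.
    """

    def __init__(self, max_failures=10, window_s=600, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.clock = clock
        self._failures = defaultdict(deque)   # meeting_id -> failure timestamps

    def _prune(self, meeting_id):
        # Drop failures that have aged out of the sliding window.
        q = self._failures[meeting_id]
        cutoff = self.clock() - self.window_s
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def allow(self, meeting_id):
        return len(self._prune(meeting_id)) < self.max_failures

    def record_failure(self, meeting_id):
        self._prune(meeting_id).append(self.clock())

    def worst_case_hours(self):
        """Hours needed to try the whole keyspace at the allowed failure rate."""
        windows = KEYSPACE / self.max_failures
        return windows * self.window_s / 3600


def simulate(limiter, meeting_id, sources, guesses_per_source):
    """Count wrong guesses admitted when several constructed hosts take turns."""
    admitted = 0
    for _ in range(guesses_per_source):
        for _src in sources:          # source identity is deliberately ignored
            if limiter.allow(meeting_id):
                limiter.record_failure(meeting_id)   # every guess here is wrong
                admitted += 1
    return admitted
```

With these assumed values, five hosts sharing the work are admitted ten guesses in total per window, and exhausting one million passwords would take thousands of hours instead of minutes.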

This change does not apply to meetings scheduled before 6 PM on Wednesday unless the meeting or meeting series is updated, whereupon a new link with a password will be needed. The convenience of one-click joining continues, and the automatically generated password is listed on the meeting invitation for participants who may wish to join by telephone.

Meeting participants won't need to enter the password if they have the scheduled Zoom meeting invitation link. Zoom now automatically secures scheduled Zoom meetings with a password. Instructions on how you can find your new Zoom personal meeting room link are available on the Staff Services Portal. This is because your link will have changed and now includes an embedded password. If you've sent people your personal meeting room link as a way of organising your meeting, and have not previously set a password for your personal meeting room, you'll need to communicate a new personal meeting room link to your guests to ensure they can access your meeting room. Zoom Personal Meeting Rooms (also known/referred to as 'My Personal Meeting ID' or 'PMI' rooms) now require a password.
