    Zoom bug allowed breaking into private password-protected meetings

    Written by Shubham Sharma
    Last updated on Jul 30, 2020, 07:11 pm
  • Even after all the promises, video conferencing giant Zoom keeps running into security issues.

    Just recently, we detailed a bug in the service that allowed mimicking of reputed organizations, and now, in another case, a researcher has reported a vulnerability that allowed cracking of private meeting passwords in a matter of minutes.

    Here is all you need to know about it.

  • Passcodes

    No rate limiting in six-digit passcode of meetings

  • In a recent tweet, Tom Anthony, the Product VP at SearchPilot, revealed that Zoom's web client, in April, was not rate-limiting the attempts to enter the default 6-digit passcode of video meetings.

    The issue, he found, could easily be exploited by anyone to brute-force all possible passcode combinations, 1 million in all, and enter private conferences without the consent of the host.

  • Demo

    He tested the theory, broke into a meeting

  • Anthony tested his theory and was able to break into a private Zoom meeting in a matter of just 25 minutes.

    He used an AWS machine for the hack and brute-forced some 91,000 combinations until the correct one appeared and worked.

    "With improved threading, and distributing across 4-5 cloud servers, you could check the entire password space within a few minutes," he emphasized.

  • Twitter Post

    Here is Anthony's tweet

  • So a few months ago I realised Zoom doesn't rate limit password attempts for meetings, and has only 1 million passwords. Meaning you could join private meetings within minutes. 😮 https://t.co/NDUEmzUprX

    — Tom Anthony (@TomAnthonySEO) July 29, 2020
  • Report

    Then, the bug was reported to Zoom, fix was deployed

  • After discovering the flaw, Anthony reported the matter to Zoom, prompting the company to take its web client down to prevent any exploitation.

    Then, in about a week, the video-conference giant deployed a fix for the flaw by requiring a "user to log in to join meetings in the web client, and updating the default meeting passwords to be non-numeric and longer."

  • Statement

    No evidence of issue being exploited, Zoom clarified

  • In an official statement issued in light of Anthony's report, Zoom clarified that it "improved rate-limiting, addressed the CSRF token issues, and relaunched the web client on April 9."

    "The issue was fully resolved, and no user action was required," the company said, noting that it is not aware of any instances where a hijacker used this vulnerability to break into a meeting.
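To make the rate-limiting fix concrete, here is an added example (not Zoom's code and not from the original article) of a limiter that counts failed passcode attempts per meeting rather than per client, so spreading guesses across several servers does not help. The class and function names, thresholds, meeting IDs and the passcode 482913 are all assumptions constructed for illustration.

```python
import hmac
from collections import Counter, defaultdict, deque

KEYSPACE = 10 ** 6  # six-digit numeric passcode: 1 million values (from the article)

class MeetingPasscodeGuard:
    """Counts failed passcode attempts per meeting ID, never per client IP,
    so spreading guesses across several cloud servers gains nothing."""

    def __init__(self, max_failures=5, window_s=600, lockout_s=900):
        self.max_failures, self.window_s, self.lockout_s = max_failures, window_s, lockout_s
        self._failures = defaultdict(deque)  # meeting_id -> timestamps of recent failures
        self._locked_until = {}              # meeting_id -> time the lockout ends

    def check(self, meeting_id, supplied, expected, now):
        """Return 'ok', 'wrong' or 'locked'; `now` is in seconds (injected for testing)."""
        if now < self._locked_until.get(meeting_id, 0):
            return "locked"  # rejected before the passcode is even compared
        fails = self._failures[meeting_id]
        while fails and now - fails[0] > self.window_s:
            fails.popleft()  # forget failures older than the window
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            return "ok"
        fails.append(now)
        if len(fails) >= self.max_failures:
            self._locked_until[meeting_id] = now + self.lockout_s
            fails.clear()
        return "wrong"

def days_to_sweep(max_failures, lockout_s, keyspace=KEYSPACE):
    """Lower bound on days needed to try every passcode when each burst of
    `max_failures` guesses is followed by a `lockout_s` lockout."""
    return keyspace / max_failures * lockout_s / 86400

def replay_sequential_guessing(guard, meeting_id, expected, attempts):
    """Feed one sequential guess per second (000000, 000001, ...) to the guard
    and tally the outcomes; which machine sends each guess is irrelevant."""
    outcomes = Counter()
    for t in range(attempts):
        outcomes[guard.check(meeting_id, f"{t:06d}", expected, now=t)] += 1
    return outcomes

if __name__ == "__main__":
    guard = MeetingPasscodeGuard()  # constructed meeting ID and passcode below
    print(replay_sequential_guessing(guard, "meeting-A", "482913", 1000))
    print(f"{days_to_sweep(5, 900):.0f} days to sweep the keyspace")
```

A lockout keyed on the meeting also blocks legitimate participants while it is active, which is one reason to pair it with the other changes Zoom described: requiring login in the web client and longer, non-numeric default passwords.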
