Just recently, we detailed a bug in the service that allowed impersonation of reputable organizations. Now, in another case, a researcher has reported a vulnerability that allowed private meeting passwords to be cracked in a matter of minutes.
So a few months ago I realised Zoom doesn't rate limit password attempts for meetings, and has only 1 million passwords. Meaning you could join private meetings within minutes. 😮 https://t.co/NDUEmzUprX
Then, the bug was reported to Zoom and a fix was deployed
After discovering the flaw, Anthony reported the matter to Zoom, prompting the company to take its web client down to prevent exploitation.
Then, in about a week, the video-conference giant deployed a fix for the flaw by requiring a "user to log in to join meetings in the web client, and updating the default meeting passwords to be non-numeric and longer."
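The missing control described above, server-side attempt limiting on meeting passwords, can be sketched as follows. This is an added example, not Zoom's code; the class name, function name and thresholds are assumptions chosen for illustration.

```python
import hmac
import time
from collections import defaultdict, deque


class MeetingPasswordGuard:
    """Caps failed password attempts per meeting, whichever client sends them."""

    def __init__(self, max_failures=10, window_s=600, lockout_s=900,
                 clock=time.monotonic):
        # Thresholds are illustrative assumptions, not values from the page.
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.clock = clock
        self._failures = defaultdict(deque)   # meeting_id -> failure timestamps
        self._locked_until = {}               # meeting_id -> unlock time

    def check(self, meeting_id, supplied, expected):
        now = self.clock()
        if self._locked_until.get(meeting_id, 0) > now:
            return "locked"                   # refuse without evaluating the guess
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            return "ok"
        recent = self._failures[meeting_id]
        recent.append(now)
        while recent[0] <= now - self.window_s:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[meeting_id] = now + self.lockout_s
            recent.clear()
        return "denied"


def hours_to_exhaust(keyspace, max_failures, lockout_s):
    """Lower bound on hours needed to try every password under the lockout."""
    guesses_per_hour = max_failures * 3600 / lockout_s
    return keyspace / guesses_per_hour


if __name__ == "__main__":
    # 6-digit numeric default described on the page: 1 million passwords.
    print(hours_to_exhaust(10**6, 10, 900))
    # Constructed comparison: 10 characters from a-z0-9 (length is an assumption).
    print(hours_to_exhaust(36**10, 10, 900))
```

Keying the counter on the meeting rather than the client address bounds total guesses even when attempts come from many sources, at the cost that a lockout also delays legitimate participants.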