Top Categories

Spotlight

todayAugust 6, 2020

Blog admin

35000 ZoOM ID’s exposed to internet – one can join meeting without authentication

One of the Security researchers of our company has found a security vulnerability in the Zoom platform where users can join many meetings without any authentication and they are google indexed with many big company giants. We are attaching screenshots for people’s reference. This is purely compromising the privacy of company [...]


Vulnerability Management, Robotically Optimized.™

Static Application Testing (SAST)

Behavioral-Based Threat Detection

Malware Bot Security Management

Find your solution..

by role

DevOps

CISOs

CTOs

Testing & Quality Assurance

by industry

Financial Services

Healthcare

Government

Games

eCommerce

Blockchain

Our partners

True partners are an extension of ourselves. Find a local partner and put the security in your DevOp teams.

Find a partner

Become a partner

Become a partner and provide our cutting edge AI Vulnerability Detection and Reasoning engine to your customers.

Become a partner

35000 ZoOM ID’s exposed to internet – one can join meeting without authentication

Blog admin todayAugust 6, 2020 307

Background
share close

One of the Security researchers of our company has found a security vulnerability in the Zoom platform where users can join many meetings without any authentication and they are google indexed with many big company giants. We are attaching screenshots for people’s reference. This is purely compromising the privacy of company users. We are attaching files as users can see the count also.

Here is the below link for where it is containing more than 35000 user ids and they mentioned that in their platform that they do not store any values related to users and now they are google indexed. Security is just an illusion. When reported this bug, the researcher received the reply like this:

https://drive.google.com/drive/folders/1YAOEalTFmRur08zCXyrE8KM6xCapTA2l?usp=sharing

Thanks for reading the article.

Written by: admin

Rate it
Previous post

todayJuly 19, 2020

  • 284
close

Blog admin

XXE+SSRF INJECTION

Google Dorking is most important tool and sometimes it leads to bigger results sometimes it lead to remote code execution or XXE injection. Let’s check it out, how it gathers ...


Similar posts

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *


ABOUT US



Intelligent & Continuous Security Improvement with advanced ML.



CONTACT US