Zoom bug allowed attackers to crack private meeting passwords within minutes

Popular video conferencing platform Zoom disclosed this week that it fixed a bug that allowed attackers to crack the numeric passcodes of private meetings.

By default, Zoom meetings are protected by a six-digit numeric password. However, according to Tom Anthony, VP Product at SearchPilot, who identified the issue, the lack of rate limiting on password attempts enabled “an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people’s private (password protected) Zoom meetings.”

After the issue was reported to Zoom on April 1, 2020, the company took the web client offline and fixed the problem by April 9. Zoom mitigated the issue by both requiring users to log in to join meetings in the web client and updating default meeting passwords to be non-numeric and longer.
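
The missing control named above, rate limiting on passcode attempts, can be sketched as follows. This is an added example, not Zoom's code: the class name, the failure threshold and the lockout window are assumptions chosen for illustration.

```python
import hmac
import time

KEYSPACE = 10 ** 6        # six-digit numeric passcode, as described in the article
MAX_FAILURES = 5          # assumed policy value
LOCKOUT_SECONDS = 300     # assumed policy value


class MeetingPasscodeGuard:
    """Counts failed attempts per meeting rather than per client, so spreading
    guesses across many source addresses does not reset the limit."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # meeting_id -> (failure_count, locked_until)

    def check(self, meeting_id, expected, supplied):
        now = self._clock()
        failures, locked_until = self._state.get(meeting_id, (0, 0.0))
        if now < locked_until:
            return "locked"  # rejected without evaluating the guess
        # Constant-time comparison so response timing does not leak digits.
        if hmac.compare_digest(expected.encode(), supplied.encode()):
            self._state.pop(meeting_id, None)
            return "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            # Start a lockout window and begin a fresh count afterwards.
            self._state[meeting_id] = (0, now + LOCKOUT_SECONDS)
        else:
            self._state[meeting_id] = (failures, locked_until)
        return "denied"


def worst_case_hours(keyspace=KEYSPACE):
    """Hours needed to exhaust the keyspace when every batch of
    MAX_FAILURES guesses costs one full lockout window."""
    windows = keyspace / MAX_FAILURES
    return windows * LOCKOUT_SECONDS / 3600
```

With these assumed values, exhausting the six-digit keyspace takes on the order of 16,667 hours instead of minutes. Locking per meeting also lets anyone who knows a meeting ID lock out its legitimate participants for the window, which is one reason to pair throttling with the authenticated join and larger passcode space described above.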
