Home Cyber Security There was a bug in Zoom letting users crack meeting passwords in...

There was a bug in Zoom letting users crack meeting passwords in minutes

Zoom meetings
Zoom meetings

Zoom has been under a lot of scrutinies ever since the platform has become one of the go-to in order to make a video conference or do a virtual meeting ever since the pandemic started. One reason why it became popular was due to the number of people it could allow in the same meeting at a time. Since the video meetings were used for online classes as well as board meetings, people started to use Zoom in order to fit in closer to 100 people which is the limit.

However, Zoom was also said to be vulnerable to a lot of bugs and security vulnerabilities that were not being patched since the platform was only used by enterprises but since it became public, all the bugs were exposed and they were exploited as well. There was a huge problem when people started to enter random meetings and hurl abuses as well as do obscene things. Zoom fixed all of those bugs but it looks like they left some out there which have been found out now.

According to a new report, there is a bug found inside Zoom which would let people crack the meeting passwords and then enter those meetings. As we know, Zoom meetings are now password-protected so that unauthorized access is stopped. But if those passwords can be cracked within minutes, there is no particular security as such. SearchPilot, a cybersecurity firm, went out on a mission to crack these passwords.

They managed to crack “all 1 million passwords in a matter of minutes and gain access to other people’s private (password protected) Zoom meetings.” which was also made possible because Zoom does not have a rate limiter to how many times you can enter a wrong password. Generally, rate-limiting password attempts is good because people can understand if their servers or meetings, in this case, are under attack. But the lack of such a mechanism is wrong and we feel Zoom is going to fix it as soon as possible.