HomeWinBuzzer NewsResearchers Uncover Zoom Rooms Vulnerability Allowing Unauthorized Access

Researchers Uncover Zoom Rooms Vulnerability Allowing Unauthorized Access

Researchers have discovered a critical vulnerability in Zoom Rooms that could allow attackers to access sensitive data.

-

Researchers at AppOmni have reported a critical vulnerability in Zoom Rooms, a feature of the popular video conferencing platform Zoom, designed to streamline video collaboration in physical spaces like meeting rooms. The security experts identified the flaw in June 2023, revealing that attackers could exploit it to access a victim organization's Zoom tenant, which would allow them to potentially intercept confidential information shared in Team Chat, Whiteboards, and other Zoom applications. Zoom has addressed the issue, confirming that it did not impact production tenants, thus safeguarding users against potential .

Understanding the Zoom Rooms Vulnerability

The discovered vulnerability stems from the predictable nature of email addresses assigned to Zoom Rooms service accounts. These accounts, which are equipped with licenses for Whiteboards and Meetings, have extensive access within a Zoom tenant and are created with an email address in the format rooms_@companydomain.com. The exploit involved predicting these email addresses and activating the accounts using a legitimate email provider's domain, such as outlook.com, resulting in unauthorized account control.

The Broader Implications of the Security Flaw

This incident has shed light on potential security risks associated with the use of Software as a Service (SaaS) systems. The accounts could not be removed by administrators from the Team Chat feature, indicating that service accounts could persist undetected while having access to sensitive information. Although this vulnerability has been patched, companies are now more aware of the need to vigilantly secure each component of their SaaS systems to prevent such unauthorized access.

Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

Mastodon