Vulnerability Spotlight: Zoom Communications user enumeration

Video conferencing and calling software has spiked in popularity as individuals across the globe are forced to stay home due to the COVID-19 pandemic. There are a plethora of players in this space, with one or two getting increased attention. One service in particular — Zoom — has received an...

Zoom Communications Registered Users Enumeration

Summary Zoom doesn’t properly validate certain XMPP requests coming from the clients, which can lead to disclosure of details about registered users. Tested Versions Zoom Service As Of April 9th 2020 Product URLs https://zoom.us CVSSv3 Score 6.5 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE...