Security: SAML Vulnerability Zoom Video

Zoom Video Communications Public Statement

SAML vulnerability

February 27, 2018

On February 27, 2018, CERT announced a recently discovered vulnerability in SAML-based single sign-on (SSO). Exploitation can allow an attacker to impersonate different users or privileged accounts. For more information about the reported vulnerabilities, see the Duo Labs post "Duo Finds SAML Vulnerabilities Affecting Multiple Implementations".

Who may be affected by this vulnerability?

Organizations using SAML-based SSO may be at risk.

How does this affect your Zoom account?

Zoom is a service provider that supports SAML-based SSO and allows users to log in to the Zoom service using their company credentials. Zoom works with all Identity Providers (IdPs) that support SAML 2.0.

What does Zoom do to mitigate this vulnerability?

Zoom’s security and engineering teams have confirmed that we are not directly affected by this vulnerability. We are contacting our supported IdPs to confirm that they are evaluating the vulnerability and taking the necessary steps to mitigate this threat if necessary.

Do you need to do anything?

If you are using SAML-based SSO, please contact your SAML provider to assess your vulnerability and ensure that you are taking steps to mitigate the threat.

 



Frequently Asked Questions

 

Protecting your data

Communication between the client and server is established using Transport Layer Security (TLS). Meeting, webinar, and messaging content is encrypted using the Advanced Encryption Standard (AES) at 256 bits, with end-to-end encryption available as an option.

Due to its ease of use, the multitude of features it offers, and its robust integrations, Zoom is the leading video conferencing solution on the market. It can provide users with an immersive virtual meeting or webinar experience because of its scalability and interactive tools such as whiteboards and screen sharing.
A hacker could remotely take over any Windows 7 or earlier system using a flaw discovered by an unnamed security researcher. Soon after the flaw became public, Zoom fixed it with a software update.
You can prevent ZoomBomb attempts by enabling only signed-in users to join by clicking the arrow to the right of Share Screen, then Advanced Sharing Options and selecting “One participant can share at a time.” It is only possible to join a Zoom meeting if you are invited and logged in.
Zoom is less secure than Google Meet. End-to-end encryption isn’t used, but messages are encrypted. A message is encrypted while it is in transit. Only Google’s servers and your device are encrypted.
The use of Zoom meetings is relatively safe these days. Platform security gaps appear to be addressed and the company is focusing on staying on top of the latest vulnerabilities.
