Zoom Video Communications Public Statement
February 27, 2018
On February 27, 2018, CERT announced a recently discovered vulnerability in SAML-based single sign-on (SSO). Exploitation can allow an attacker to impersonate different users or privileged accounts. For more information about the reported vulnerabilities, see the Duo Labs post "Duo Finds SAML Vulnerabilities Affecting Multiple Implementations."
Who may be affected by this vulnerability?
Organizations using SAML-based SSO may be at risk.
How does this affect your Zoom account?
Zoom is a service provider that supports SAML-based SSO and allows users to log in to the Zoom service using their company credentials. Zoom works with all Identity Providers (IdPs) that support SAML 2.0.
What does Zoom do to mitigate this vulnerability?
Zoom’s security and engineering teams have confirmed that they are not directly affected by this vulnerability. We are contacting our supported IdPs to confirm that they are evaluating the vulnerability and taking the necessary steps to mitigate this threat if necessary.
Do you need to do anything?
If you are using SAML-based SSO, please contact your SAML provider to assess your vulnerability and ensure that you are taking steps to mitigate the threat.