Security: SAML Vulnerability Zoom Video
Contents
- 1 Zoom Video Communications Public Statement
- 1.1 Who may be affected by this vulnerability?
- 1.2 How does this affect your Zoom account?
- 1.3 What does Zoom do to mitigate this vulnerability?
- 1.4 Do you need to do something?
- 1.5 Frequently Asked Questions
- 1.6 How secure is Zoom video?
- 1.7 Why Zoom is the best video conference?
- 1.8 How did Zoom fix security issues?
- 1.9 How do I secure Zoom from hackers?
- 1.10 Is Google meet more secure than Zoom?
- 1.11 Has Zoom security improved?
- 1.12 Which is more secure Google meet or Zoom?
- 1.13 Related articles
Zoom Video Communications Public Statement
SAML vulnerability
February 27, 2018
On February 27, 2018, CERT announced a recently discovered vulnerability in SAML-based single sign-on (SSO). Exploitation can allow an attacker to impersonate different users or privileged accounts. For more information about the reported vulnerabilities, see the Duo Labs post "Duo Finds SAML Vulnerabilities Affecting Multiple Implementations."
Who may be affected by this vulnerability?
Organizations using SAML-based SSO may be at risk.
How does this affect your Zoom account?
Zoom is a service provider, supports SAML-based SSO, and allows users to log in to the Zoom service using their company credentials. Zoom works with all Identity Providers (IdPs) that support SAML 2.0.
What does Zoom do to mitigate this vulnerability?
Zoom’s security and engineering teams have confirmed that Zoom is not directly affected by this vulnerability. We are contacting our supported IdPs to confirm that they are evaluating the vulnerability and taking the necessary steps to mitigate this threat, if necessary.
Do you need to do something?
If you are using SAML-based SSO, please contact your SAML provider to assess your vulnerability and ensure that you are taking steps to mitigate the threat.
Frequently Asked Questions
How secure is Zoom video?
Communication between the client and server is established using Transport Layer Security (TLS). Meeting, webinar, and messaging content is encrypted using the Advanced Encryption Standard (AES) at 256 bits, with the option of end-to-end encryption available.