Ghost Join in WebEx Conferernces

Due to a vulnerability (CVE-2020-3419), attackers could join Webex meetings without being listed in the participants list. Hidden as a “ghost” from the other participants, attackers could eavesdrop on audio and video content. This is what Heise writes in his article today.1 But this is only possible (…) if attackers have access to meetings in the form of shared links and a password. Sounds quite trivial, but it isn’t. The objectives of confidentiality and integrity are lost when others eavesdrop unnoticed during a job interview for instance. Access data can be collected in unencrypted emails. It is not unusual for permanent meeting rooms to keep the same access data over an extended period of time. Read more