How to create a Zoom link without password


Ever needed a Zoom password? Probably not. But why not? | WeLiveSecurity

There is no reason not to include this functionality. Zoom invitation email with a default, random password. That is too bad. If the host has allowed others to start the meeting before them you could get the URL ahead of time by joining in anytime. But why not? Does the browser insert any risk to the details needed to join a meeting?
 
 

 


 

That is too bad. So my understanding is that when a meeting is created, one can obtain a meeting link that contains an encoded password, but that one cannot create such an encoded password oneself or, for that matter, decode the password from the encoded version in the URL. I think this is a stupid limitation, since there is no security reason for failing to provide such a functionality. There are so many limitations in Zoom and especially in its Meeting interface, it is a wonder that it has been recently adopted so widely.

Last night I was in a church Zoom meeting and saw intelligent but new hosts struggling to manage breakout rooms and failing to be able to show a PDF file to everyone. Technically, your use of bandwidth is excellent, and better than many of your competitors. You should leverage this ability, and transform your Meeting interface into something that people really want.

You should stay ahead of your competitors, or else another company will do all this first and steal your entire market, as has happened to others.

This endpoint appears to retrieve meeting information only for those who are authorized as creators of the meeting. The documentation is confusing. An authorized user or the creator of the meeting would need to generate these urls.

I hope you also realize that what you are suggesting would be a huge security vulnerability, if an unauthorized user could get meeting links with passwords. Equivalent information means equivalent security, nothing more, nothing less. Dear Tommy, I have explained patiently, several times, that I want a solution where we do not necessarily own the Meeting ID. Zoom has lots of quirky limitations without misinformation being thrown into these answers.

If my request absolutely cannot be done, please have the courtesy of saying so. Help me understand your use case for generating these urls? How are you getting the meeting passwords and not the encoded password in the join url? Another part of the use case is that the Zoom dialog box for entering a meeting remembers the last few meeting IDs but, strangely, not their passwords.

So, when a meeting has a password, you have to enter the password manually. For now, we would prefer the techniques we use to encode these passwords stay internal. Very sorry for any inconvenience this might cause.

I hear you. Initially I thought the password from the URL might be a simple hash value, but it seems to have been salted somehow. I encountered this issue when preparing appointments for my children as they have just received meeting ID and password, but no link. It would make life easier for them if I just gave them the corresponding URL. The only way I have found is to join the meeting and copy the invite link. So, there is limited opportunity someone will intercept the email and glean the meeting details, including the password.

The scheduler is expecting the invitee to need a password, as that was how the invite was configured. No password is required to be input, however, because the password is embedded in the link hidden in the encoded string of characters used to connect to the meeting.

What was the point of requiring a password, then? The other way to join a Zoom meeting is to enter the 9-digit Meeting ID; if you attempt to join a meeting using this method and a password was configured, a password prompt is displayed. This stops people attempting to connect to a password-protected meeting with only the Meeting ID, thus resulting in a reduction of Zoom-bombing.

That said, the bad actors who have been Zoom-bombing may still be able to use brute-force tactics to find valid Meeting IDs, by setting scripts running to continually attempt to connect to meetings.

There is a risk that someone may forward the invitation, in its entirety, to an unauthorized person who could then join the meeting, and would be in possession of the link with the embedded password and the actual password. Even if the password were not embedded in the link, the password is included in the invitation, so again the password is offering no security value. Does the browser insert any risk to the details needed to join a meeting? As the link is https, the browser will start by asking the zoom.

Again, the password has added no value. Zoom-bombing was primarily an issue for schools and students, with malicious actors joining video conferences for online teaching and displaying racist or inappropriate messages and content. Popular extensions that students might have could mean your meeting details, including the embedded passwords, are being shared with third parties.

To test this, I went to the Chrome Web Store, and with some guidance from my son on what students are using, I attempted to add two Chrome extensions that have in excess of 1 million downloads each. This permission allows these two third-party companies to access all my browsing history, including the links to any Zoom meetings that have been joined, and will include by default the embedded password.

I have not named the extensions I attempted to add to my browser, since the companies concerned may have legitimate reasons to collect the data and may be storing it securely. However, they may also be sharing it with other third parties and not be securing it properly. I doubt this possibility was considered by the person scheduling the meeting; they thought a password would be required. Ever needed a Zoom password?

Probably not. But why not? Tony Anscombe.

 
 
