Anyone who knew the ID of a Zoom meeting could simply crack the associated password and join the meeting without authorization. This was uncovered by Tom Anthony, who describes himself as a hobby security researcher. Zoom responded promptly to his report and blocked the responsible web client on the same day; a week later, the flaw was fixed.
The problem: until recently, Zoom set default passwords for meetings that consisted of only 6 digits. The resulting 1 million possibilities could be tried within a few minutes, Anthony found. The cause was the lack of any limit on access attempts made over HTTP via the web client. This allowed Anthony to automate the trying of access codes and find the right one using cloud servers.
According to Anthony, Zoom responded very promptly to his report and apparently not only introduced rate limiting, which restricts the number of unauthorized access attempts, but also changed the password scheme. The default passwords for Zoom meetings now consist of a combination of letters and numbers, which increases the number of possibilities. A purely numeric password still exists for dial-in by telephone; however, it cannot be used for web access, as a short test by heise Security confirmed.
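The missing control described above, sketched as an added example (not code from Zoom or from Anthony's report): a limiter that counts failed password attempts per meeting ID, on the assumption that per-address limits are an unreliable bound when guesses come from cloud servers. The class and function names, the thresholds and the sample meeting ID and password are constructed for illustration.

```python
import hmac
from collections import defaultdict, deque


class MeetingPasswordGate:
    """Caps failed password attempts per meeting ID in a sliding window."""

    def __init__(self, max_failures=10, window_s=600.0):
        self.max_failures = max_failures
        self.window_s = window_s
        self._failures = defaultdict(deque)  # meeting_id -> failure timestamps

    def check(self, meeting_id, supplied, expected, now):
        """Return 'ok', 'denied' or 'throttled' for one join attempt at time `now`."""
        recent = self._failures[meeting_id]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()  # forget failures that have left the window
        if len(recent) >= self.max_failures:
            return "throttled"  # refuse before comparing, so no guess is tested
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            return "ok"
        recent.append(now)
        return "denied"


def hours_to_exhaust(keyspace, max_failures, window_s):
    """Worst-case hours to try every password while the gate is enforced."""
    return keyspace / max_failures * window_s / 3600.0


def replay_attempts(gate, meeting_id, expected, guesses, step_s=0.01):
    """Feed guesses to the gate at fixed intervals; return the outcome counts."""
    counts = {"ok": 0, "denied": 0, "throttled": 0}
    for i, guess in enumerate(guesses):
        counts[gate.check(meeting_id, guess, expected, now=i * step_s)] += 1
    return counts


if __name__ == "__main__":
    gate = MeetingPasswordGate()  # assumed policy: 10 failures per 10 minutes
    guesses = [f"{n:06d}" for n in range(1000)]  # constructed sample input
    print(replay_attempts(gate, "000-000-000", "483920", guesses))
    print(round(hours_to_exhaust(10**6, 10, 600.0)), "hours for 6 digits")
```

Counting per meeting ID means an ongoing guessing run also locks out legitimate participants until the window expires, so the thresholds trade availability against guess rate.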