Cisco fixes WebEx flaw that allowed government, military meetings to be spied on

Cisco squashed some bugs this week that allowed anyone to view WebEx meeting information and join them, potentially opening up security and privacy concerns for highly sensitive meets. The issues first came to light on May 4 when German news outlet Zeit Online published an investigation into the issues which saw it able to …

  1. Mike 137 Silver badge

    Incompetence personified

    "Joining WebEx meetings via video is password-protected by default, but it wasn't always the case when joining by phone, the investigation revealed. Potential intruders just had to adjust the numbers in meeting URLs to read information about or gain access to others. The URLs contained sequences of numbers that could be cycled just by counting up and down, rather than them being randomly generated each time."

    These errors are so basic one should be amazed they get made. Sadly, I'm not amazed as they're all too commonplace, resulting as they do from web devs entirely ignoring (or being oblivious to) the most elementary fundamentals of security.

    1. Yorick Hunt Silver badge
      Facepalm

      Re: Incompetence personified

      I remember several years ago visiting a customer who had a Cisco ATA (analogue 'phone to VoIP interface for the uninitiated).

      The password had been changed from the factory default, but nobody there knew what the new password was.

      "Lemme try something," I thought to myself... Adding "/admin" to the URL threw me straight into the settings, no credentials needed!

      Worse still (well better for me actually, as it made my job easier), SIP passwords were readily accessible by viewing the page source (this trick also works on most Netgear routers).

      Yep, very robust software industry we have.

  2. perkele

    Where do you start to stop blaming incompetence and start wondering if they've been compromised by "foreign workers for a foreign power"... E.g. CN...

    1. Anonymous Coward

      > foreign workers for a foreign power

      As in, US workers for Cisco working against the Dutch?

      1. perkele

        That too. Assuming these US workers are not H1B workers anyway...

        I am sure Uncle Sam's finest obviously have the best interests for Uncle Sam rather than their Dutch, Finnish or Indian customers when push comes to shove and Uncle Sam wants some economic info.

        As has been happening since even before WW2 in the analogue world.

  3. Yorick Hunt Silver badge
    Mushroom

    "While there's no hard evidence to suggest that the flaws were actually abused..."

    Really?

  4. Anonymous Coward

    Cisco fixes WebEx flaw that allowed government ... meetings to be spied on

    So now how is the public ever going to learn what their government is talking about doing to them next?

    1. neilg

      Re: Cisco fixes WebEx flaw that allowed government ... meetings to be spied on

      Don't get me started on fucking Teams.

      During 2nd or maybe 3rd or 4th lockdown, who bloody remembers. Was on a call with our 4th line, major NHS trust & others trying to get to the bottom of why MRI scan files were disappearing/slow.

      Suddenly NHS IT guy appears on the call. With Video - WTF?

  5. StrangerHereMyself Silver badge

    Incompetence

    It's the incompetence of the civil servants that's to blame. They buy stuff and services based on sales claims made by companies, not having any technical know-how to check if these claims hold up. They argue that Cisco is a big company so it will be all right. That's a stupid conjecture to make.

    In Germany something similar happened where Russian spies could simply listen in on classified military meetings. All because someone thought it would be wise to use some COTS video meeting software.

  6. Anonymous Coward
    Big Brother

    NSA backdoor exposed in Cisco Webex Meetings

    Seems more accurate ..

    1. Mister Jones

      Actually: ANOTHER NSA backdoor exposed.....

      There.....

  7. Anonymous Coward

    Think of a random number then divide by 64

    Or just store your passwords in plain text…
