Comment by nradov

6 years ago

Have you checked for similar vulnerabilities in competing products such as GoToMeeting and WebEx? They have the same basic features.

RingCentral Meetings uses zoom.us engine but the local server runs on port 19424 instead. I'm able to replicate the issue on it.

PoC: http://localhost:19424/launch?action=join&confno=3535353535

  • I can confirm that this vulnerability exists in RingCentral for macOS, version 7.0.136380.0312.

    I was taken into Miguel's meeting, but since the host wasn't present, it simply let me know it was waiting for him (it also had a friendly notice: "Your video will turn ON automatically when the meeting starts").

    I've changed my settings in Video > Meetings, just like in Zoom, to turn off my vid when joining. Also confirmed that the server is running on port 19424 (via terminal command 'lsof -i :19424').

BlueJeans video installs a nasty daemon that runs at boot too. I'll never attend a BlueJeans meeting again.

  • Anyone know what port the Bluejeans server is running on and/or how to kill it in a manner similar to the Zoom workaround?

    •     BlueJeans 423 [...] TCP localhost:18171 (LISTEN)
      
          $ nc 127.0.0.1 18171
          GET / HTTP/1.0
      
          HTTP/1.1 200 OK
          Content-Length: 23
          Server: Swifter 1.3.3
      
          BlueJeansHelper Service

    • Removing BlueJeans from your machine is a little more involved because they actually used launchd.

      launchctl list

      Then you need to find where the plist files are (i.e. com.bluejeans.app.detector.plist).

      You can disable an entry from launchctl list:

      launchctl disable gui/<your user uid>/com.bluejeans.app.detector

      You can also unload if you find the actual file

      launchctl unload ~/Library/LaunchAgents/com.bluejeans.app.detector.plist

      There were a couple differently named bluejeans agents.
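
Added example, not part of any comment in this thread: a small filter that reads `lsof` listener output and reports processes bound to loopback, flagging the two helper ports named above (19424 and 18171). The function names and the sample `lsof` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit loopback TCP listeners from lsof output.

# Ports taken from the comments above:
# 19424 (RingCentral Meetings), 18171 (BlueJeans helper).
KNOWN_PORTS="19424 18171"

# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin (also accepts the
# name-resolved form, e.g. localhost:18171).
# Prints one line per loopback listener: COMMAND PID PORT FLAG
# FLAG is KNOWN when the port is in KNOWN_PORTS, otherwise "-".
loopback_listeners() {
    awk -v known="$KNOWN_PORTS" '
        BEGIN {
            n = split(known, k, " ")
            for (i = 1; i <= n; i++) want[k[i]] = 1
        }
        $NF == "(LISTEN)" {
            addr = $(NF - 1)              # e.g. 127.0.0.1:18171 or [::1]:5432
            p = addr
            sub(/.*:/, "", p)             # port = text after the last colon
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (host == "127.0.0.1" || host == "localhost" || host == "[::1]")
                print $1, $2, p, ((p in want) ? "KNOWN" : "-")
        }'
}

# Constructed sample input (not captured from a real machine).
sample_lsof() {
    cat <<'EOF'
COMMAND     PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
BlueJeans   423 alice   10u  IPv4 0xaaaa      0t0  TCP 127.0.0.1:18171 (LISTEN)
RingCentr   611 alice   12u  IPv4 0xbbbb      0t0  TCP localhost:19424 (LISTEN)
postgres    702 alice    7u  IPv6 0xcccc      0t0  TCP [::1]:5432 (LISTEN)
sshd         88  root    3u  IPv4 0xdddd      0t0  TCP *:22 (LISTEN)
EOF
}

# On a live host: lsof -nP -iTCP -sTCP:LISTEN | loopback_listeners
if [ "${1:-}" = "--demo" ]; then
    sample_lsof | loopback_listeners
fi
```

Any loopback listener that remains after an application has been quit or uninstalled is worth tracing back to its launchd entry with `launchctl list`.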