Comment by nradov
6 years ago
Have your checked for similar vulnerabilities in competing products such as GoToMeeting and WebEx? They have the same basic features.
6 years ago
Have your checked for similar vulnerabilities in competing products such as GoToMeeting and WebEx? They have the same basic features.
RingCentral Meetings uses zoom.us engine but the local server runs on port 19424 instead. I'm able to replicate the issue on it.
PoC: http://localhost:19424/launch?action=join&confno=3535353535
I can confirm that this vulnerability exists in RingCentral for macOS, version 7.0.136380.0312.
I was taken into Miguel's meeting, but since the host wasn't presented, it simply let me know it was waiting for him (It also had a friendly notice "Your video will turn ON automatically when the meeting starts".
I've changed my settings in Video > Meetings, just like in Zoom, to turn off my vid when joining. Also confirmed that the server is running on port 19424 (via terminal command 'lsof -i :19424').
In my case it's 19421 as written in the article.
For RingCentral or Zoom? Could be because I have both on my machine.
3 replies →
bluejeans video installs a nasty daemon that runs at boot too. I'll never attend a bluejeans meeting again
Not if you just use it through the browser, which is more stable than their app.
Anyone know what port the Bluejeans server is running on and/or how to kill it in a manner similar to the Zoom workaround?
Removing the BlueJeans from your machine is a little more involved because they actually used launchd.
launchctl list
Then you need to find where the plist files are (i.e. com.bluejeans.app.detector.plist).
You can disable an entry from launchctl list:
launchctl disable uid/<your user uid>/com.bluejeans.app.detector
You can also unload if you find the actual file
launchctl unload ~/Library/LaunchAgents/com.bluejeans.app.detector.plist
There were a couple differently named bluejeans agents.
Wow didn't know that. I rarely use bluejeans but I guess i will uninstall it anyway.