Hacker News new | ask | show | jobs
by migueltarga 2538 days ago
RingCentral Meetings uses zoom.us engine but the local server runs on port 19424 instead. I'm able to replicate the issue on it.

PoC: http://localhost:19424/launch?action=join&confno=3535353535
2 comments
nuvs 2538 days ago
I can confirm that this vulnerability exists in RingCentral for macOS, version 7.0.136380.0312.

I was taken into Miguel's meeting, but since the host wasn't presented, it simply let me know it was waiting for him (It also had a friendly notice "Your video will turn ON automatically when the meeting starts".

I've changed my settings in Video > Meetings, just like in Zoom, to turn off my vid when joining. Also confirmed that the server is running on port 19424 (via terminal command 'lsof -i :19424').

link
thijsvandien 2538 days ago
In my case it's 19421 as written in the article.
link
migueltarga 2538 days ago
For RingCentral or Zoom? Could be because I have both on my machine.
link
thijsvandien 2538 days ago
Zoom
link
migueltarga 2538 days ago
Yes, my comment was about RingCentral Meetings
link
thijsvandien 2538 days ago
Sorry, never heard of that, and since the rest of the story was so similar, it didn't really register in my brain as something entirely different.
link