Notebookcheck

GoToMeeting is found to be potentially susceptible to hacking

GoToMeeting's security issues may have been prevented by timely reporting. (Source: GoToMeeting)
GoToMeeting's security issues may have been prevented by timely reporting. (Source: GoToMeeting)
The European "responsible vulnerability disclosure" specialists Swascan claim to have discovered that the popular virtual conference service GoToMeeting may be subject to various common weakness enumerations (or CWEs). They may affect the ability to set up meetings with the privacy normally expected of these online events.

GoToMeeting is a service that helps clients set up online conferences, webinars, meetings and other similar events. Therefore, it is reasonable to assume that this company, owned by LogMeIn, may be expected to be able to uphold confidentiality and privacy for its potential customers. However, the European security-monitoring firm Swascan recently identified a possible problem with its system.

This issue consisted of the detection of multiple CWEs in PSIRT, a video-conferencing tool used by GoToMeeting. These vulnerabilities could apparently have exposed its customers, (which, according to the company, number in the "millions") had not Swascan stepped in to contact the virtual-conferencing service and report the presence of these possible exploits.

The 2 groups then reportedly collaborated to address these potential doorways to hackers. Swascan claims that this is in accordance with a track record of "responsible vulnerability disclosures" and subsequent security-enhancing partnerships with other companies, including Huawei, Lenovo, SAP and Nokia.

In GoToMeeting's case, the weaknesses as identified were CWE-20 (Improper Input Validation), CWE-287 (Improper Authentication), and CWE-476 (NULL Pointer Dereference). They may have allowed hackers to insert their own code into a given program, pose as genuine users or crash a given program respectively. However, Swascan now asserts that this is now much less likely following its timely actions.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
News and Editorial Editor - Details here

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 11 > GoToMeeting is found to be potentially susceptible to hacking
Deirdre O Donnell, 2019-11-12 (Update: 2019-11-12)