GoToMeeting is found to be potentially susceptible to hacking
GoToMeeting is a service that helps clients set up online conferences, webinars, meetings and other similar events. Therefore, it is reasonable to assume that this company, owned by LogMeIn, may be expected to be able to uphold confidentiality and privacy for its potential customers. However, the European security-monitoring firm Swascan recently identified a possible problem with its system.
This issue consisted of the detection of multiple CWEs in PSIRT, a video-conferencing tool used by GoToMeeting. These vulnerabilities could apparently have exposed its customers, (which, according to the company, number in the "millions") had not Swascan stepped in to contact the virtual-conferencing service and report the presence of these possible exploits.
The 2 groups then reportedly collaborated to address these potential doorways to hackers. Swascan claims that this is in accordance with a track record of "responsible vulnerability disclosures" and subsequent security-enhancing partnerships with other companies, including Huawei, Lenovo, SAP and Nokia.
In GoToMeeting's case, the weaknesses as identified were CWE-20 (Improper Input Validation), CWE-287 (Improper Authentication), and CWE-476 (NULL Pointer Dereference). They may have allowed hackers to insert their own code into a given program, pose as genuine users or crash a given program respectively. However, Swascan now asserts that this is now much less likely following its timely actions.
Are you a techie who knows how to write? Then join our Team! Wanted:
- News Writer (Romania based)
- Proofreader
Details here