CheckPoint last year found a now patched flaw in Zoom Meeting that allowed researchers to predict meeting ID numbers enabling them to enter private conversations.

The vulnerability
was found last year and patched by Zoon Video Communications in July 2019, but
the company has only just now reported on the issue.

The flaw
lies in the fact that Zoom uses 9, 10, or 11 digits for its meeting ID numbers.
If the user has not enabled requiring a password or set up a waiting room from
where people are manually added to the meeting, there is a very high
possibility the meeting ID itself can be found.

“Our
researchers were able to predict ~4% of randomly generated meeting IDs, which
is very high chance of success, comparing to the pure brute force,” CheckPoint
wrote.

CheckPoint
brought the issue to Zoom’s attention last year and the company has since changed
how the meeting number is generated fixing the problem.