In the search for a webinar platform, we have tested the security of 14 of them. As a result, in half of tested platforms we have identified high-severity vulnerabilities for example access control issues allowing unprivileged attendees to become a host/presenter or sensitive data leakage.

1. How secure are
webinar platforms?
Michał Ogorzałek
BSides Berlin 2021

10. It’s hacking time

11. • We test about an hour per platform.
• Only data related to the test account are accessed.
• The main purpose is to gain the host/presenter
privileges.
Assumptions of the research:

12. HTTP
WebSockets

13. WebSockets usage

14. • Privilege escalation by role modification.
• Privilege escalation by access control issues.
• Sensitive information in the browser.
What attacks did we perform?

16. ["e":"joined","d":{"user":{"id":21467916,"banned":false,"role":"attendee","email":"test@t.securing.pl","name":"Test1"}}]
["e":"joined","d":{"user":{"id":21467916,"banned":false,"role":"host","email":"test@t.securing.pl","name":"Test1"}}]

20. ["confMsg",{"room":"1234567","from":"host","to":"12668543","permissions„
:{"screen":true,"cam":true,"mic":true},"type":"add-new-presenter"}]

21. ["block-user",{"user_id":"0","user_email":"host@t.securing.pl",
"user_name":"Host","id":"2385746"}]

25. ["chat",{„user":{"id":„3262347","name":„Admin","email":„admin@t.securing.pl","webinar":"69522},"
msg":„User2 dosn’t like kitties, Douche!", is_mod":0,"person_to":2371823}]

27. 22%
Sensitive information
exposure
50%
50%
Privilege escalation
By role
modification By access control
issues
14%
64%

33. CONCLUSIONS
• Webinar platforms have vulnerabilities.
• Security tests should involve all applications.
• It is important how companies reacts to
information about detected vulnerabilities.

34. BEST PRACTICES
• Implement access control for WebSockets.
• Don’t send excessive data.
• Use server-side validation.
• Perfom security tests and do threat modelling.
• Train your developers.

35. Contact us
webinars@securing.pl
MORE THAN
SECURITY
TESTING.