[cisco-voip] Strange Webex Meetings PMR URI Thing

Lelio Fulgenzi lelio at uoguelph.ca
Tue Apr 9 12:58:40 EDT 2019


I’m eager to hear what this is all about.

I have a test .org I can temporarily make you external admin for (in a webex session) to test appearances.

It certainly sounds weird though.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<x-apple-data-detectors://1/0>
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Apr 9, 2019, at 12:36 PM, Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway+cisco-voip at gmail.com>> wrote:

Update

I had a two people contact me off list shortly after I sent the initial email:

- One person recommended reporting to PSIRT, which I did, but I never heard anything back
- One person said they were reaching out to Webex contacts to confirm, but I never heard back

It's still a problem, and here's a small insight:

From the end user perspective, the PMR URL ends with /anthony, but from the Control Hub advanced user settings page, it shows that it ends with /aholloway.

<image.png>

On Wed, Mar 6, 2019 at 2:47 PM Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway%2Bcisco-voip at gmail.com>> wrote:
I am wondering if anyone else knows why this might be happening, or if they have even themselves experienced this.

I am a Cisco Partner, and thus, have a Partner Account for Webex Control Hub, and several customers in there, for which we manage.  I am a Partner Admin.

I am a Full Admin in the Customer view.

My own company's Webex is classic admin site Webex, and my own personal PMR is (sub-domains sanitized):

https://mycompany.webex.com/meet/anthony

If I go to one of my Customer's Webex sites, but using my PMR URI, e.g.,

https://mycustomer.webex.com/meet/anthony

It will stay on their sub-domain, but utilize my own Company PMR.

I do have an account on the customer site, but my email address is one of their domain addresses, and my PMR URI is:

https://mycustomer.webex.com/meet/aholloway

As a test, I took another Customer, but one I don't work on, nor have an account there, and tried to access my own Comapny PMR URI but at their sub-domain, and it works there too:

https://anothercustomer.webex.com/meet/anthony

What's happening here?

I'm feeling like it has something to do with my Partner Admin role/Full Admin Customer role, but then I tried a co-workers PMR URI in the same scenarios and it doesn't work for them.  e.g.,

https://mycustomer.webex.com/meet/coworker

I also tried it in private browsing mode, and on a different computer, and it still works, so I'm certain its not because of some cached info or installation on my PC.

As another test, I have a few other customers in control hub, but who have their Webex managed in classic Webex, and this trick doesn't work there.  Correlation?  I don't know.

As one last test, I tried several other (non-customers to me) webex hosted sites, just to see if it works, but of all of the ones I tested (E.g., cisco.webex.com<http://cisco.webex.com>, cigna.webex.com<http://cigna.webex.com>, medtronic.webex.com<http://medtronic.webex.com>, target.webex.com<http://target.webex.com>, etc.), it never worked elsewhere; just with my own customers.

I could trick people into joining my PMR as a representative of another company, where I don't even have an account, and possibly get them to divulge information, or worse, allow me to control their PC.

But then again, this might be by design, of the control hub, and the way the partner piece is setup.
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190409/30bf60e4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 199778 bytes
Desc: image.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190409/30bf60e4/attachment.png>


More information about the cisco-voip mailing list