[cisco-voip] Strange Webex Meetings PMR URI Thing

Anthony Holloway avholloway+cisco-voip at gmail.com
Tue Apr 9 16:22:28 EDT 2019 

I have opened a support case with Webex.  I'll be sure to update the thread
with their response.

On Tue, Apr 9, 2019 at 11:58 AM Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

>
> I’m eager to hear what this is all about.
>
> I have a test .org I can temporarily make you external admin for (in a
> webex session) to test appearances.
>
> It certainly sounds weird though.
>
> *-sent from mobile device-*
>
>
> *Lelio Fulgenzi, B.A.* | Senior Analyst
>
> Computing and Communications Services | University of Guelph
>
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON |
> N1G 2W1
>
> 519-824-4120 Ext. 56354 <519-824-4120;56354> | lelio at uoguelph.ca
>
>
>
> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
>
>
>
> [image: University of Guelph Cornerstone with Improve Life tagline]
>
> On Apr 9, 2019, at 12:36 PM, Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
> Update
>
> I had a two people contact me off list shortly after I sent the initial
> email:
>
> - One person recommended reporting to PSIRT, which I did, but I never
> heard anything back
> - One person said they were reaching out to Webex contacts to confirm, but
> I never heard back
>
> It's still a problem, and here's a small insight:
>
> From the end user perspective, the PMR URL ends with /anthony, but from
> the Control Hub advanced user settings page, it shows that it ends with
> /aholloway.
>
> <image.png>
>
> On Wed, Mar 6, 2019 at 2:47 PM Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
>> I am wondering if anyone else knows why this might be happening, or if
>> they have even themselves experienced this.
>>
>> I am a Cisco Partner, and thus, have a Partner Account for Webex Control
>> Hub, and several customers in there, for which we manage.  I am a Partner
>> Admin.
>>
>> I am a Full Admin in the Customer view.
>>
>> My own company's Webex is classic admin site Webex, and my own personal
>> PMR is (sub-domains sanitized):
>>
>> https://mycompany.webex.com/meet/anthony
>>
>> If I go to one of my Customer's Webex sites, but using my PMR URI, e.g.,
>>
>> https://mycustomer.webex.com/meet/anthony
>>
>> It will stay on their sub-domain, but utilize my own Company PMR.
>>
>> I do have an account on the customer site, but my email address is one of
>> their domain addresses, and my PMR URI is:
>>
>> https://mycustomer.webex.com/meet/aholloway
>>
>> As a test, I took another Customer, but one I don't work on, nor have an
>> account there, and tried to access my own Comapny PMR URI but at their
>> sub-domain, and it works there too:
>>
>> https://anothercustomer.webex.com/meet/anthony
>>
>> What's happening here?
>>
>> I'm feeling like it has something to do with my Partner Admin role/Full
>> Admin Customer role, but then I tried a co-workers PMR URI in the same
>> scenarios and it doesn't work for them.  e.g.,
>>
>> https://mycustomer.webex.com/meet/coworker
>>
>> I also tried it in private browsing mode, and on a different computer,
>> and it still works, so I'm certain its not because of some cached info or
>> installation on my PC.
>>
>> As another test, I have a few other customers in control hub, but who
>> have their Webex managed in classic Webex, and this trick doesn't work
>> there.  Correlation?  I don't know.
>>
>> As one last test, I tried several other (non-customers to me) webex
>> hosted sites, just to see if it works, but of all of the ones I tested
>> (E.g., cisco.webex.com, cigna.webex.com, medtronic.webex.com,
>> target.webex.com, etc.), it never worked elsewhere; just with my own
>> customers.
>>
>> I could trick people into joining my PMR as a representative of another
>> company, where I don't even have an account, and possibly get them to
>> divulge information, or worse, allow me to control their PC.
>>
>> But then again, this might be by design, of the control hub, and the way
>> the partner piece is setup.
>>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190409/a3425533/attachment.html>

More information about the cisco-voip mailing list