[cisco-voip] Strange Webex Meetings PMR URI Thing

Anthony Holloway avholloway+cisco-voip at gmail.com
Wed Mar 6 15:47:24 EST 2019


I am wondering if anyone else knows why this might be happening, or if they
have even themselves experienced this.

I am a Cisco Partner, and thus, have a Partner Account for Webex Control
Hub, and several customers in there, for which we manage.  I am a Partner
Admin.

I am a Full Admin in the Customer view.

My own company's Webex is classic admin site Webex, and my own personal PMR
is (sub-domains sanitized):

https://mycompany.webex.com/meet/anthony

If I go to one of my Customer's Webex sites, but using my PMR URI, e.g.,

https://mycustomer.webex.com/meet/anthony

It will stay on their sub-domain, but utilize my own Company PMR.

I do have an account on the customer site, but my email address is one of
their domain addresses, and my PMR URI is:

https://mycustomer.webex.com/meet/aholloway

As a test, I took another Customer, but one I don't work on, nor have an
account there, and tried to access my own Comapny PMR URI but at their
sub-domain, and it works there too:

https://anothercustomer.webex.com/meet/anthony

What's happening here?

I'm feeling like it has something to do with my Partner Admin role/Full
Admin Customer role, but then I tried a co-workers PMR URI in the same
scenarios and it doesn't work for them.  e.g.,

https://mycustomer.webex.com/meet/coworker

I also tried it in private browsing mode, and on a different computer, and
it still works, so I'm certain its not because of some cached info or
installation on my PC.

As another test, I have a few other customers in control hub, but who have
their Webex managed in classic Webex, and this trick doesn't work there.
Correlation?  I don't know.

As one last test, I tried several other (non-customers to me) webex hosted
sites, just to see if it works, but of all of the ones I tested (E.g.,
cisco.webex.com, cigna.webex.com, medtronic.webex.com, target.webex.com,
etc.), it never worked elsewhere; just with my own customers.

I could trick people into joining my PMR as a representative of another
company, where I don't even have an account, and possibly get them to
divulge information, or worse, allow me to control their PC.

But then again, this might be by design, of the control hub, and the way
the partner piece is setup.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190306/72e7bf0b/attachment.html>


More information about the cisco-voip mailing list