<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
<div><br>
</div>
I’m eager to hear what this is all about.
<div><br>
</div>
<div>I have a test .org I can temporarily make you external admin for (in a webex session) to test appearances. </div>
<div><br>
</div>
<div>It certainly sounds weird though. <br>
<br>
<div id="AppleMailSignature" dir="ltr">
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, 0);"><i>-sent from mobile device-</i></span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, 0);"><b><br>
</b></span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, 0);"><b>Lelio Fulgenzi, B.A.</b> | Senior Analyst<o:p></o:p></span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, 0);">Computing and Communications Services | University of Guelph<o:p></o:p></span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, 0);">Room 037 Animal Science & Nutrition Bldg | <a href="x-apple-data-detectors://1/0" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="address" x-apple-data-detectors-result="1/0" style="-webkit-text-decoration-color: rgba(0, 0, 0, 0.258824);">50
Stone Rd E | Guelph, ON | N1G 2W1</a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><font color="#000000"><span style="caret-color: rgb(0, 0, 0); background-color: rgba(255, 255, 255, 0);"><a href="tel:519-824-4120;56354" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="1/1" style="-webkit-text-decoration-color: rgba(0, 0, 0, 0.258824);">519-824-4120
Ext. 56354</a> | <a href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</a><o:p></o:p></span></font></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, 0);"> </span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><font color="#000000"><span style="caret-color: rgb(0, 0, 0); background-color: rgba(255, 255, 255, 0);"><a href="http://www.uoguelph.ca/ccs">www.uoguelph.ca/ccs</a> | @UofGCCS on Instagram, Twitter and
Facebook<o:p></o:p></span></font></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, 0);"> </span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;"><span style="background-color: rgba(255, 255, 255, 0);"><img border="0" width="187" height="100" id="Picture_x0020_1" src="cid:image001.png@01D3DD7E.EC708050" alt="University of Guelph Cornerstone with Improve Life tagline" _mf_state="2" action="null" title="null" style="width: 1.9479in; height: 1.0416in;"></span></p>
</div>
<div dir="ltr"><br>
On Apr 9, 2019, at 12:36 PM, Anthony Holloway <<a href="mailto:avholloway+cisco-voip@gmail.com">avholloway+cisco-voip@gmail.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Update</div>
<div><br>
</div>
<div>I had a two people contact me off list shortly after I sent the initial email:</div>
<div><br>
</div>
<div>- One person recommended reporting to PSIRT, which I did, but I never heard anything back</div>
<div>- One person said they were reaching out to Webex contacts to confirm, but I never heard back</div>
<div><br>
</div>
<div>It's still a problem, and here's a small insight:</div>
<div><br>
</div>
<div>From the end user perspective, the PMR URL ends with /anthony, but from the Control Hub advanced user settings page, it shows that it ends with /aholloway.</div>
<div><br>
</div>
<div>
<div><image.png><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Mar 6, 2019 at 2:47 PM Anthony Holloway <<a href="mailto:avholloway%2Bcisco-voip@gmail.com">avholloway+cisco-voip@gmail.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">I am wondering if anyone else knows why this might be happening, or if they have even themselves experienced this.
<div><br>
</div>
<div>I am a Cisco Partner, and thus, have a Partner Account for Webex Control Hub, and several customers in there, for which we manage. I am a Partner Admin.</div>
<div><br>
</div>
<div>I am a Full Admin in the Customer view.</div>
<div><br>
</div>
<div>My own company's Webex is classic admin site Webex, and my own personal PMR is (sub-domains sanitized):</div>
<div><br>
</div>
<div><a href="https://mycompany.webex.com/meet/anthony" target="_blank">https://mycompany.webex.com/meet/anthony</a></div>
<div><br>
</div>
<div>If I go to one of my Customer's Webex sites, but using my PMR URI, e.g.,</div>
<div><br>
</div>
<div><a href="https://mycustomer.webex.com/meet/anthony" target="_blank">https://mycustomer.webex.com/meet/anthony</a></div>
<div><br>
</div>
<div>It will stay on their sub-domain, but utilize my own Company PMR.</div>
<div><br>
</div>
<div>I do have an account on the customer site, but my email address is one of their domain addresses, and my PMR URI is:</div>
<div><br>
</div>
<div><a href="https://mycustomer.webex.com/meet/aholloway" target="_blank">https://mycustomer.webex.com/meet/aholloway</a></div>
<div><br>
</div>
<div>As a test, I took another Customer, but one I don't work on, nor have an account there, and tried to access my own Comapny PMR URI but at their sub-domain, and it works there too:</div>
<div><br>
</div>
<div><a href="https://anothercustomer.webex.com/meet/anthony" target="_blank">https://anothercustomer.webex.com/meet/anthony</a></div>
<div><br>
</div>
<div>What's happening here?</div>
<div><br>
</div>
<div>I'm feeling like it has something to do with my Partner Admin role/Full Admin Customer role, but then I tried a co-workers PMR URI in the same scenarios and it doesn't work for them. e.g.,</div>
<div><br>
</div>
<div><a href="https://mycustomer.webex.com/meet/coworker" target="_blank">https://mycustomer.webex.com/meet/coworker</a></div>
<div><br>
</div>
<div>I also tried it in private browsing mode, and on a different computer, and it still works, so I'm certain its not because of some cached info or installation on my PC.</div>
<div><br>
</div>
<div>As another test, I have a few other customers in control hub, but who have their Webex managed in classic Webex, and this trick doesn't work there. Correlation? I don't know.</div>
<div><br>
</div>
<div>As one last test, I tried several other (non-customers to me) webex hosted sites, just to see if it works, but of all of the ones I tested (E.g.,
<a href="http://cisco.webex.com" target="_blank">cisco.webex.com</a>, <a href="http://cigna.webex.com" target="_blank">
cigna.webex.com</a>, <a href="http://medtronic.webex.com" target="_blank">medtronic.webex.com</a>,
<a href="http://target.webex.com" target="_blank">target.webex.com</a>, etc.), it never worked elsewhere; just with my own customers.</div>
<div><br>
</div>
<div>I could trick people into joining my PMR as a representative of another company, where I don't even have an account, and possibly get them to divulge information, or worse, allow me to control their PC.</div>
<div><br>
</div>
<div>But then again, this might be by design, of the control hub, and the way the partner piece is setup.</div>
<div></div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div dir="ltr"><span>_______________________________________________</span><br>
<span>cisco-voip mailing list</span><br>
<span><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a></span><br>
<span><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a></span><br>
</div>
</blockquote>
</div>
</body>
</html>