Unable to retrieve user@email data from meeting (with only registration allowed)

In a meeting “only for registrants” a user can use a registrant link and join with a browser. In this case the reports don’t show the email (which is implicit in the registrant link), so we have ghosts in a private meeting and we can’t know which registrant link they use!!

We did a test showing a dangerous system vulnerability.

Meeting: [REDACTED]

Meeting data:

    {
        "agenda": "",
        "assistant_id": "",
        "created_at": "2021-04-08T14:02:58Z",
        "duration": 50,
        "host_email": "",
        "host_id": "[REDACTED]",
        "id": [REDACTED],
        "join_url": "***",
        "registration_url": "[REDACTED]",
        "settings": {
            "allow_multiple_devices": true,
            "alternative_hosts": "",
            "approval_type": 0,
            "approved_or_denied_countries_or_regions": {
                "enable": false
            },
            "audio": "both",
            "auto_recording": "cloud",
            "breakout_room": {
                "enable": false
            },
            "close_registration": false,
            "cn_meeting": false,
            "contact_email": "***",
            "contact_name": "[REDACTED]",
            "device_testing": false,
            "encryption_type": "enhanced_encryption",
            "enforce_login": false,
            "enforce_login_domains": "",
            "global_dial_in_countries": [
            ],
            "global_dial_in_numbers": [
                {
                    "country": "IT",
                    "country_name": "Italia",
                    "number": "+39 02124128823",
                    "type": "toll"
                },
                {
                    "country": "IT",
                    "country_name": "Italia",
                    "number": "+39 0694806488",
                    "type": "toll"
                },
                {
                    "country": "IT",
                    "country_name": "Italia",
                    "number": "+39 0200667245",
                    "type": "toll"
                }
            ],
            "host_video": true,
            "in_meeting": false,
            "jbh_time": 0,
            "join_before_host": true,
            "meeting_authentication": false,
            "mute_upon_entry": true,
            "participant_video": true,
            "registrants_confirmation_email": true,
            "registrants_email_notification": true,
            "request_permission_to_unmute_participants": false,
            "show_share_button": true,
            "use_pmi": false,
            "waiting_room": true,
            "watermark": false
        },
        "start_time": "2021-04-08T14:10:00Z",
        "start_url": "[REDACTED]",
        "status": "waiting",
        "timezone": "Europe/Rome",
        "topic": "Attività 3",
        "type": 2,
        "uuid": "[REDACTED]"
    }

We create the meeting with the API, with a configuration like this:

    $meeting_data = array(
        'topic' => $this->data['modulo'][0]->activity_title,
        'type' => '2',
        'start_time' => $start_time,
        'duration' => $duration,
        'timezone' => 'Europe/Rome',
        'agenda' => $this->data['modulo'][0]->annotazioni,
        'settings' => array(
            'host_video' => true,
            'participant_video' => true,
            'cn_meeting' => false,
            'in_meeting' => false,
            'join_before_host' => true,
            'mute_upon_entry' => true,
            'watermark' => false,
            'use_pmi' => false,
            'approval_type' => 0,
            'registration_type' => 1, // the setting questioned below
            'audio' => 'both',
            'auto_recording' => 'cloud',
            'registrants_email_notification' => true,
        ),
    );

We don’t know if registration_type is OK or NOT, but that is not the problem.

We have generated TWO registered users with specific links.

During the meeting I was able to JOIN the meeting with three different devices:

1- one for host
2- one for the first link with mobile device
3- one for the second link with a laptop

On the third device I clicked on the link and then chose JOIN FROM BROWSER. (NOTE: I have disabled this link FROM SETTINGS but the link is visible!! → FIRST BUG)

On the third device the web client asked me ONLY for a username, not an email… and the email associated with the registrant link is ignored and not tracked.

When I show the report I see:

    [4] => stdClass Object
        (
            [id] => [REDACTED]
            [user_id] => [REDACTED]
            [name] => [REDACTED]
            [user_email] =>
            [join_time] => 2021-04-08T14:06:28Z
            [leave_time] => 2021-04-08T14:11:28Z
            [duration] => 300
            [attentiveness_score] =>
        )

The user doesn’t have any email associated and I can’t know which registrant link they used! It is like a Ghost in a Private Meeting.

Is it possible to solve this BUG?! And also… is this a known bug of the platform?

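A host-side check for the situation described in the post above, as an added example that is not code from the thread or from Zoom: it reconciles a decoded participant report against the registrant list and flags sessions whose `user_email` is empty. The registrant `email` field name, the function names and all sample data are assumptions.

```php
<?php
// Added example. Participant fields (name, user_email, join_time, duration) are
// the ones shown in the report dump; the registrant 'email' field is assumed.

function normalizeEmail(?string $email): string
{
    return strtolower(trim((string) $email));
}

/**
 * Split report rows into matched / ghosts / unregistered, and list the
 * registrant emails that never appear in the report.
 */
function auditParticipants(array $participants, array $registrants): array
{
    $expected = [];
    foreach ($registrants as $r) {
        $expected[normalizeEmail($r->email ?? '')] = false; // false = not seen yet
    }
    unset($expected['']); // ignore registrant rows without an email

    $result = ['matched' => [], 'ghosts' => [], 'unregistered' => [], 'absent' => []];
    foreach ($participants as $p) {
        $email = normalizeEmail($p->user_email ?? '');
        if ($email === '') {
            // No identity recorded: the session cannot be tied to a registrant link.
            $result['ghosts'][] = $p;
        } elseif (array_key_exists($email, $expected)) {
            $expected[$email] = true;
            $result['matched'][] = $p;
        } else {
            // Has an email, but not one that registered (the host lands here too).
            $result['unregistered'][] = $p;
        }
    }
    $result['absent'] = array_keys(array_filter($expected, fn($seen) => !$seen));
    return $result;
}

// Constructed sample data (not taken from the thread).
$registrants = json_decode('[{"email":"alice@example.com"},{"email":"bob@example.com"}]');
$participants = json_decode('[
  {"name":"Alice","user_email":"Alice@Example.com","join_time":"2021-04-08T14:05:00Z","duration":600},
  {"name":"laptop","user_email":"","join_time":"2021-04-08T14:06:28Z","duration":300}
]');

$audit = auditParticipants($participants, $registrants);
foreach ($audit['ghosts'] as $g) {
    printf("GHOST: name=%s joined=%s duration=%ds\n", $g->name, $g->join_time, $g->duration);
}
printf("Registrants with no matching session: %s\n", implode(', ', $audit['absent']));
```

An absent registrant alongside a ghost session only suggests which link was used; the report itself does not prove the mapping.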

Hey @cantagallo,

Thank you for reaching out to the Zoom Developer Forum. I’m happy to look into these issues further. Please send an email to developersupport@zoom.us with a link to this thread.

In that email, please also include the following:

  1. A Join URL that shows a “Join From Browser” link. I already confirmed this is disabled on your account.

  2. The Unique Join URL that you used when you saw that the email was not tracked when the registrant joined.


I will do it.

For your information this is the registrant link:

We have generated TWO registered users with specific links

If you click on it with Chrome, for example, refuse to OPEN the client, and click on the button LAUNCH MEETING, it shows the URL to join with the browser even though I have disabled IT!

Hey @cantagallo,

Thank you for submitting a ticket! I’ll close this thread and follow up with you there.