Description
I created a webinar using the API and it has a webinar password set. If I access the webinar using a join_url, I can see an ecrypted pwd passed along – that seems to be working fine. But if I just go to the webinar registration page hosted by zoom, I am asked to fill out the first name, lastname, and email, and click I am not a robot, but no requirement of putting in the webinar password. It just lets me in.
I have webinarID 925-2584-1946 in this state and don’t know why it isnt asking me for a password.
@tommy Thanks for the reply. I agree with you that is how it should happen, but…
Just now I tried it again.
I created a webinar with a webinar password, with registration required, and with Automatically Approve enabled. I started the webinar.
On another computer, I went to the registration page, filled out the info, clicked Join Webinar in Progress, and was put right into the webinar without it requiring me to enter the password.
This was the same behavior I noticed when I made the original post.
@tommy Thanks for responding, but I don’t understand what is not being understood in my question. I see this as a major security issue.
Try this:
Create a webinar with a webinar password, with registration required, and with Automatically Approve enabled. Then start the webinar.
Now pretend your colleague tells their friend about the seminar, who tells their friend, who tells one of your competitors. That person is given the link to the Zoom-provided Registration Page for the seminar.
That person goes to that page, sees the information asking for first name, lastname, and email address, and fills it out. They click on Join Webinar in Progress
In my testing, even though the webinar has a password, the registration form doesn’t ask for it, and the user is NEVER PROMPTED FOR IT. They get right into the webinar.
So Ill ask again. How can that happen? What is the point of having a webinar password then?
When you open up registration, and use the auto approve, any person can register for the webinar and get the join_url which includes the password. This is the intended flow.
That being said, if someone were to have found the Webianr ID without registering, they would not be able to join since they don’t have the password.