Skip to main content

Tags jitsi meet

Sandro Gauci

Sandro Gauci, Enable Security

Jitsi Meet on Docker default passwords - how bad is it, how to detect and fix it

Last updated on Apr 20, 2020 in , , , ,

Executive summary (TL;DR) Jitsi Meet on Docker contained default passwords for important users, which could be abused to run administrative XMPP commands, including shutting down the server, changing the administrative password and loading Prosody modules. We also provide instructions on how to check for this issue if you administer a Jitsi Meet server. Background story A few days ago we noticed a tweet by @joernchen mentioning something that sounded familiar, Jitsi.…

Read more »

Subscribe

Receive high-quality, low-volume RTC security research, news and occasional updates about what we're up to.

Interested in working with us? Get in touch

We hate spam and hard-selling and are committed to protecting and respecting your privacy. You can unsubscribe from these communications at any time. By subscribing, you are agreeing to the Terms and Conditions. this site uses reCAPTCHA, the Google Privacy Policy and Terms of Service apply.