The topic here is twofold. One being that the host code and participant codes do not function as a separation of duty like they should. For example everyone can join the call as a participant without a host present. This should not be the case.
Second and more importantly is the security of the host and participant codes. I am sure I use this service as most people do and that is for recurring meetings that require a conference bridge in addition to one offs. The problem is that as people come and go from companies and 3rd parties are given dial in for specific meetings there is nothing to prevent them from accessing the same bridge at a later time. There needs to be rolling codes or the ability to auto generate a new code as needed. This I feel is a huge fundamental security flaw in the service. If this feature is currently being implemented what is the scheduled release date? We hope to continue to use RC moving forward but these security implementations will drive that decision.
Second and more importantly is the security of the host and participant codes. I am sure I use this service as most people do and that is for recurring meetings that require a conference bridge in addition to one offs. The problem is that as people come and go from companies and 3rd parties are given dial in for specific meetings there is nothing to prevent them from accessing the same bridge at a later time. There needs to be rolling codes or the ability to auto generate a new code as needed. This I feel is a huge fundamental security flaw in the service. If this feature is currently being implemented what is the scheduled release date? We hope to continue to use RC moving forward but these security implementations will drive that decision.
