A lack of rate limiting on repeated password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings as discovered by Tom Anthony, VP Product at SearchPilot. The vulnerability he spotted in the Zoom web client allowed attackers to guess any meeting’s password by trying all possible combinations until finding the correct one. Zoom took down the web client starting with April 2 to address the vulnerability. A week later, Zoom addressed the password attempt rate limiting issue by “requiring a user logs in to join meetings”””
Source: https://www.bleepingcomputer.com/news/security/zoom-bug-allowed-attackers-to-crack-private-meeting-passwords/