Wow! - That's quite a security/confidentiality/modesty breach.
Re your steps to reproduce in the lab; can I just check my understanding and/or refine your original steps?
1. Schedule a Webex meeting with the security option "They wait in the lobby until they're admitted"
Right. Say I am the site administrator and I set the site default join rule:-
2. Call meeting video address from Endpoint via SIP
OK, you mean call from any old SIP phone/soft-phone; you specifically don't mean a Cisco Cloud Registered SIP Device. Right, so for a scheduled meeting the video address in the format of <meetingnumber@company.webex.com>.
3. Join [start] the meeting with the host [pin]
Right, so you're the host of the meeting and you've effectively started the meeting and are waiting for guests to arrive. You then say:
Conditions: SIP device joining medium security and waiting on pin collection dialog swept into meeting when host joins
So the condition refers only to *other* SIP participants joining as guests, since only SIP participants could be waiting on pin collection dialogue. In which case, for the consequent ("swept info meeting when host joins") to occur, they, the other SIP-connected-participants, must have arrived first. In other words, it seems there is a missing step and the complete set of steps to reproduce is this:
- As host, schedule a meeting and obtain the meeting's video address
- Arrange for one or more others, to act as guests, to receive the meeting's video address, e.g. by receiving the meeting invitation or telling them, and have them call the meeting's video address. They will then hear the announcement: "If you're the meeting host, enter the host pin followed by pound. If you're not the host, press pound." As guests, they respond by pressing "#" and then hear: "Thanks for waiting, we'll let the host know that you're here." They are still at a "pin collection dialog" and could still enter the pin to become host, but they're not host so don't and just wait at that pin collection dialogue.
- You're an absent host, which is why the announcement said "Thanks for waiting, we'll let the host know that you're here." So you now, as prospective host "Call meeting video address from Endpoint via SIP". Say there were two others ahead of you that called the meeting over SIP. Two of them are waiting at "pin collection dialog". As you as prospective host also call in over SIP you are now the third at the "pin collection dialog", so you:
- Join the meeting with host pin.
Current Behaviour (refined)
In the absent host case, the host is not not notified that guests are waiting, and, guests waiting on pin collection dialogue are swept into the meeting when the host joins with host pin thereby starting the meeting.
Expected Behaviour (refined)
In the absent host case, the host should be notified and/or INVITED (called) to the meeting when guests are waiting on the pin collection dialogue. When the host arrives, (or rather upon the first participant to enter the host pin enters the host pin), all guests (those that did not enter the pin on the pin collection dialogue) are admitted to a lobby. The host (or rather any participant that has entered the host pin) may admit singly or collectively participants from the lobby into the meeting.
Remarks
I suspect this is not confined to, or peculiar to, participants joining meetings as guests over SIP and that it applies to participants joining by any means including App, WebRTC. But I agree:
Control Hub > Services > Meeting > Common Settings > Security > Join Rules > Lobby
settings and or individual meeting setting should be honoured and, while we're here, that:
User Hub > Settings > Meetings > Audio and Video > Audio > Entry and exit tone
settings should be respected too irrespective of how either the host or guests connect.
Good catch. Thanks for raising it!
