Category: General|Mar 18, 2020 | Author: Admin

Slack Patch Critical Vulnerability Allowing Automated Account Takeovers

Share on

A critical security vulnerability existed in Slack that could have lead to a massive data breach affecting its customers. Slack also fixed another vulnerability together with this one.

Slack Vulnerability Allowing Account Takeovers Reportedly, bug hunter Evan Custodio discovered a critical vulnerability affecting Slack. As per his findings, the vulnerability could allow automated account takeovers, ultimately leading to a data breach. While disclosing the flaw to Slack via its HackerOne bug bounty program, the researcher shared a detailed report about the exploit. As revealed, he found an HTTP Request Smuggling bug that could allow automated hacking of arbitrary customer accounts.

This researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack onto neighboring customer requests. This hijack forced the victim into an open-redirect that forwarded the victim onto the researcher’s collaborator client with slack domain cookies. The posted cookies in the customer request on the collaborator client contained the customer’s secret session cookie.

Thus, an adversary could exploit the flaw to continue taking over random accounts, something that can lead to a huge breach. A potential attacker could also create bots to execute the attacks, thus involving automation for swift breaches.

Following his report, Slack confirmed by reproducing the exploit and worked out a fix for the bug. Both the researcher and the vendors agreed to disclose the bug publicly after ensuring a patch was implemented. They have now disclosed the bug after fixing it, whilst acknowledging the researcher’s efforts with a $6500 bounty. Other Slack Vulnerabilities Also Fixed Alongside the above, Slack also disclosed another critical vulnerability that awarded the researcher an additional $3500 bounty.

As revealed through the report, the TURN server allowed proxying UDP packets and TCP connections to interact with the internal Slack network. The researcher Sandro Gauci, who reported this flaw, also won another bounty of $2000 for reporting a high-severity vulnerability. As revealed through the bug report, this flaw allowed a man-in-the-middle hijack and handle SRTP stream in place of Slack. While the researcher discovered and reported this vulnerability around a year ago, Slack disclosed the bug only recently after ensuring a thorough fix.

Let us know your thoughts in the comments.

Sponsored Ads:

Comments:


Discord blocked in Russia and Turkey for spreading illegal content

Category: IT|Oct 9, 2024 | Author: Admin

Google ordered to open up the Play Store in Epic Games antitrust ruling

Category: Google|Oct 8, 2024 | Author: Admin

Recently patched CUPS flaw can be used to amplify DDoS attacks

Category: IT|Oct 7, 2024 | Author: Admin

Google removes Kaspersky's antivirus software from Play Store

Category: Google|Oct 6, 2024 | Author: Admin

UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls

Category: IT|Oct 5, 2024 | Author: Admin

Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps

Category: IT|Oct 4, 2024 | Author: Admin

Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues

Category: Microsoft|Oct 3, 2024 | Author: Admin

Microsoft Office 2024 now available for Windows and macOS users

Category: Microsoft|Oct 2, 2024 | Author: Admin

HPE Aruba Networking fixes critical flaws impacting Access Points

Category: IT|Oct 1, 2024 | Author: Admin

Verizon outage: iPhones, Android devices stuck in SOS mode

Category: Apple|Sep 30, 2024 | Author: Admin

Urgent warning issued to Android users over malicious threat affecting millions of devices

Category: Google|Sep 29, 2024 | Author: Admin

Windows Recall now can be removed, is more secure

Category: Microsoft|Sep 28, 2024 | Author: Admin

CUPS flaws enable Linux remote code execution, but there’s a catch

Category: IT|Sep 27, 2024 | Author: Admin

Infostealer malware bypasses Chrome’s new cookie-theft defenses

Category: Google|Sep 26, 2024 | Author: Admin

The "Llama" is freed: Winamp goes open source after 27 years

Category: IT|Sep 25, 2024 | Author: Admin
more