General|Mar 18, 2020

Slack Patches Critical Vulnerability Allowing Automated Account Takeovers


A critical security vulnerability existed in Slack that could have led to a massive data breach affecting its customers. Slack also fixed another vulnerability together with this one.


Slack Vulnerability Allowing Account Takeovers

Reportedly, bug hunter Evan Custodio discovered a critical vulnerability affecting Slack. As per his findings, the vulnerability could allow automated account takeovers, ultimately leading to a data breach. While disclosing the flaw to Slack via its HackerOne bug bounty program, the researcher shared a detailed report about the exploit. As revealed, he found an HTTP Request Smuggling bug that could allow automated hacking of arbitrary customer accounts.

The researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack of neighboring customer requests. This hijack forced the victim into an open redirect that forwarded the victim to the researcher's collaborator client along with Slack domain cookies. The cookies posted in the customer request to the collaborator client contained the customer's secret session cookie.
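As an added example (not Slack's code or the researcher's exploit), this is the check a front-end proxy would apply to the framing ambiguity a CL.TE desync depends on: a request carrying both Content-Length and Transfer-Encoding has two candidate body boundaries, and RFC 7230 section 3.3.3 requires it to be rejected rather than forwarded. The sample request below is constructed; the hostname is a placeholder.

```python
# Added example: detect Content-Length / Transfer-Encoding framing ambiguity
# (the CL.TE condition) in a raw HTTP/1.1 request before forwarding it.
from typing import Dict, List, Optional, Tuple

CRLF = b"\r\n"

def parse_headers(raw: bytes) -> Tuple[Dict[bytes, List[bytes]], bytes]:
    """Return {lowercased-name: [values]} and the body after the blank line."""
    head, _, body = raw.partition(CRLF + CRLF)
    headers: Dict[bytes, List[bytes]] = {}
    for line in head.split(CRLF)[1:]:            # skip the request line
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def chunked_length(body: bytes) -> Optional[int]:
    """Bytes a chunked decoder consumes (no trailers); None if malformed."""
    pos = 0
    while True:
        end = body.find(CRLF, pos)
        if end < 0:
            return None
        try:
            size = int(body[pos:end].split(b";")[0], 16)   # chunk-size in hex
        except ValueError:
            return None
        pos = end + 2
        if size == 0:                              # last-chunk then empty trailer
            return pos + 2 if body[pos:pos + 2] == CRLF else None
        if body[pos + size:pos + size + 2] != CRLF:
            return None
        pos += size + 2

def framing_verdict(raw: bytes) -> dict:
    """Decide whether the request has exactly one unambiguous body boundary."""
    headers, body = parse_headers(raw)
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    verdict = {"accept": True, "reason": "single framing", "cl": None, "te": None}
    if len(cl) > 1 or len(te) > 1:
        return {**verdict, "accept": False, "reason": "duplicate framing header"}
    if cl:
        verdict["cl"] = int(cl[0])                 # boundary a CL-trusting hop uses
    if te and te[0].lower().endswith(b"chunked"):
        verdict["te"] = chunked_length(body)       # boundary a TE-trusting hop uses
    if cl and te:                                  # CL.TE / TE.CL ambiguity: reject
        return {**verdict, "accept": False, "reason": "both Content-Length and Transfer-Encoding present"}
    if te and verdict["te"] is None:
        return {**verdict, "accept": False, "reason": "malformed chunked body"}
    return verdict

# Constructed sample: a CL-trusting hop reads 13 body bytes, a TE-trusting hop
# stops after 5 (the zero chunk), so 8 bytes would be left queued as the start
# of the next request on that connection. The check refuses to forward it.
AMBIGUOUS = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 13\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nleftover")
```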

Thus, an adversary could exploit the flaw to continue taking over random accounts, something that can lead to a huge breach. A potential attacker could also create bots to execute the attacks, thus involving automation for swift breaches.

Following his report, Slack confirmed the issue by reproducing the exploit and worked out a fix for the bug. Both the researcher and the vendor agreed to disclose the bug publicly after ensuring a patch was implemented. They have now disclosed the bug after fixing it, whilst acknowledging the researcher's efforts with a $6500 bounty.

Other Slack Vulnerabilities Also Fixed

Alongside the above, Slack also disclosed another critical vulnerability that awarded the researcher an additional $3500 bounty.

As revealed through the report, the TURN server allowed proxying UDP packets and TCP connections to interact with the internal Slack network. The researcher Sandro Gauci, who reported this flaw, also won another bounty of $2000 for reporting a high-severity vulnerability. As revealed through the bug report, this flaw allowed a man-in-the-middle attacker to hijack and handle the SRTP stream in place of Slack. While the researcher discovered and reported this vulnerability around a year ago, Slack disclosed the bug only recently after ensuring a thorough fix.

Let us know your thoughts in the comments.
