General|Mar 18, 2020

Slack Patches Critical Vulnerability Allowing Automated Account Takeovers


A critical security vulnerability existed in Slack that could have led to a massive data breach affecting its customers. Slack also fixed another vulnerability together with this one.


Slack Vulnerability Allowing Account Takeovers

Reportedly, bug hunter Evan Custodio discovered a critical vulnerability affecting Slack. As per his findings, the vulnerability could allow automated account takeovers, ultimately leading to a data breach. While disclosing the flaw to Slack via its HackerOne bug bounty program, the researcher shared a detailed report about the exploit. As revealed, he found an HTTP Request Smuggling bug that could allow automated hijacking of arbitrary customer accounts.

This researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack onto neighboring customer requests. This hijack forced the victim into an open-redirect that forwarded the victim onto the researcher’s collaborator client with slack domain cookies. The posted cookies in the customer request on the collaborator client contained the customer’s secret session cookie.

Thus, an adversary could exploit the flaw to keep taking over arbitrary accounts, something that could lead to a huge breach. A potential attacker could also create bots to execute the attacks, automating the process for swift breaches.
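The attack described above depends on a front-end and a back-end disagreeing about where one request's body ends, which is exactly what a request carrying both Content-Length and Transfer-Encoding invites. The following is an added example written for this article, not Slack's code and not anything from the HackerOne report: a framing check of the kind a reverse proxy or WAF can apply before forwarding, which flags the ambiguous header combinations that make a CL.TE or TE.CL desync possible. The hostname and request bodies are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Added example, not Slack's code. The check follows RFC 7230 section 3.3.3:
# a request that carries both Content-Length and Transfer-Encoding, conflicting
# Content-Length values, or an unusual Transfer-Encoding value must not be
# forwarded, because two parsers may frame its body differently.

# RFC 7230 "token" characters; anything outside this set in a coding name is suspect.
_TOKEN_RE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_headers(raw: bytes) -> Tuple[bytes, List[Tuple[bytes, bytes]], bytes]:
    """Split a raw HTTP/1.1 request into request line, (name, value) pairs and body.

    Names are lower-cased for comparison; values keep their raw bytes so that
    odd whitespace or casing is still visible to the checks below.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0]
    headers: List[Tuple[bytes, bytes]] = []
    for line in lines[1:]:
        if not line:
            continue
        # Obsolete line folding: a continuation line is glued onto the previous value.
        if line[:1] in (b" ", b"\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip().lower(), value.strip()))
    return request_line, headers, body


def framing_verdict(raw: bytes) -> Dict[str, object]:
    """Return {'ok': bool, 'request_line': str, 'reasons': [...]}.

    'ok' is True only when the body length of the (complete) request is
    unambiguous. Each reason names one condition a proxy should refuse.
    """
    reasons: List[str] = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    if re.search(rb"\r\n[ \t]", head):
        reasons.append("obsolete line folding in headers")

    request_line, headers, body = parse_headers(raw)
    cl = [v for n, v in headers if n == b"content-length"]
    te = [v for n, v in headers if n == b"transfer-encoding"]

    # 1. Both framing headers present: the CL.TE / TE.CL precondition.
    if cl and te:
        reasons.append("both Content-Length and Transfer-Encoding present")

    # 2. Content-Length must be a single, numeric, consistent value.
    if len(set(cl)) > 1:
        reasons.append("multiple Content-Length headers with differing values")
    for v in cl:
        if not v.isdigit():
            reasons.append("non-numeric Content-Length: %r" % v)
    # Only meaningful when the whole request is already in hand (assumed here).
    if len(set(cl)) == 1 and cl[0].isdigit() and int(cl[0]) != len(body):
        reasons.append("Content-Length does not match body length")

    # 3. Transfer-Encoding must be a clean token list whose final coding is 'chunked'.
    if len(te) > 1:
        reasons.append("multiple Transfer-Encoding headers")
    for v in te:
        codings = [c.strip() for c in v.split(b",")]
        if any(not _TOKEN_RE.match(c) for c in codings):
            reasons.append("obfuscated Transfer-Encoding value: %r" % v)
        elif codings[-1].lower() != b"chunked":
            reasons.append("Transfer-Encoding without final 'chunked': %r" % v)

    return {"ok": not reasons, "request_line": request_line.decode("latin-1"), "reasons": reasons}


# Constructed sample requests (not captured Slack traffic); the host is a placeholder.
CLEAN_REQUEST = (
    b"POST /api/update HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Content-Length: 13\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"status=active"
)

AMBIGUOUS_REQUEST = (  # both framing headers: must be refused, not forwarded
    b"POST /api/update HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Content-Length: 13\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"status=active"
)

OBFUSCATED_TE_REQUEST = (  # coding name that is not plain 'chunked'
    b"POST /api/update HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Transfer-Encoding: xchunked\r\n"
    b"\r\n"
    b"0\r\n\r\n"
)

if __name__ == "__main__":
    for name, req in (("clean", CLEAN_REQUEST), ("ambiguous", AMBIGUOUS_REQUEST),
                      ("obfuscated", OBFUSCATED_TE_REQUEST)):
        print(name, framing_verdict(req))
```

The safe action for a front-end is to reject any request the check flags with a 400 and close the connection, rather than trying to "normalize" it, because normalization is itself a choice the back-end may not share. The check is deliberately stricter than the RFC minimum (one Transfer-Encoding header, no folding, body length matching Content-Length) since a proxy has no legitimate reason to pass such requests through.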

Following his report, Slack confirmed the issue by reproducing the exploit and worked out a fix for the bug. Both the researcher and the vendor agreed to disclose the bug publicly only after a patch had been deployed. They have now disclosed the bug after fixing it, and Slack acknowledged the researcher's efforts with a $6500 bounty.

Other Slack Vulnerabilities Also Fixed

Alongside the above, Slack also disclosed another critical vulnerability that awarded the researcher an additional $3500 bounty.

As revealed through the report, the TURN server allowed proxying UDP packets and TCP connections to interact with the internal Slack network. The researcher Sandro Gauci, who reported this flaw, also won another bounty of $2000 for reporting a high-severity vulnerability. As revealed through the bug report, this flaw allowed a man-in-the-middle attacker to hijack and handle the SRTP stream in place of Slack. While the researcher discovered and reported this vulnerability around a year ago, Slack disclosed the bug only recently after ensuring a thorough fix.

Let us know your thoughts in the comments.
