Red Security
News Slack Vulnerability Allowing Account Takeovers - Printable Version

+- Red Security (https://redsecurity.info/cc)
+--- Thread: News Slack Vulnerability Allowing Account Takeovers (/showthread.php?tid=1428)
Slack Vulnerability Allowing Account Takeovers - Mr.Kurd - 03-17-2020

In The Name OF Allah
Al-Salam Alekum

[Image: Slack-600x445.jpg]

Slack allowing account takeover?!!!!!!!

Quote: Reportedly, bug hunter Evan Custodio discovered a critical vulnerability affecting Slack. As per his findings, the vulnerability could allow automated account takeovers, ultimately leading to a data breach.

This researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack onto neighboring customer requests. This hijack forced the victim into an open-redirect that forwarded the victim onto the researcher’s collaborator client with slack domain cookies. The posted cookies in the customer request on the collaborator client contained the customer’s secret session cookie.


The Source
Wa Salam Alekum
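The quoted article describes a CL.TE request-smuggling bug: the front end framed a request by Content-Length while the back end framed it by Transfer-Encoding, so leftover bytes were prepended to the next customer's request. The precondition is that the two hops disagree about where a request ends. Below is an added example, written for this page and not code from Slack, from the researcher, or from the quoted article, of the fail-closed framing check a front-end proxy or WAF can apply so that ambiguous requests are rejected with a 400 instead of being forwarded. The parser is deliberately simple (CRLF-delimited HTTP/1.1 only), the header names it flags are the ones RFC 7230 defines, and the sample requests at the bottom are constructed, not captured traffic.

```python
"""HTTP/1.1 request-framing ambiguity checks (added example, not Slack's code).

Models the check a front-end proxy or WAF can apply so that front end and back
end never disagree about where one request ends and the next begins, which is
the precondition for CL.TE / TE.CL request smuggling."""

FRAMING_HEADERS = ("content-length", "transfer-encoding")


def parse_request(raw: bytes):
    """Split a raw request into (request_line, headers, body).

    Headers come back as (raw_name, value) pairs; raw_name keeps any
    surrounding whitespace so obfuscated header names can be flagged."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        raw_name, _, value = line.decode("latin-1").partition(":")
        headers.append((raw_name, value.strip()))
    return request_line, headers, body


def framing_findings(raw: bytes) -> list:
    """Return human-readable reasons the request's framing is ambiguous.

    An empty list means exactly one unambiguous framing method is in use."""
    _, headers, body = parse_request(raw)
    findings = []
    cl_values, te_values = [], []
    for raw_name, value in headers:
        name = raw_name.strip().lower()
        if name not in FRAMING_HEADERS:
            continue
        if raw_name != raw_name.strip():
            # e.g. "Transfer-Encoding : chunked", which some parsers ignore
            findings.append(f"whitespace around framing header name {raw_name!r}")
        if name == "content-length":
            cl_values.append(value)
        else:
            te_values.append(value)

    if cl_values and te_values:
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl_values)) > 1:
        findings.append(f"conflicting Content-Length values {cl_values}")
    for v in cl_values:
        if not v.isdigit():
            findings.append(f"non-numeric Content-Length {v!r}")
    for v in te_values:
        if v.lower() != "chunked":
            findings.append(f"unexpected Transfer-Encoding value {v!r}")
    # With a single numeric Content-Length and no Transfer-Encoding, the
    # declared length must match what was received: surplus bytes would be
    # read as the start of the next request on a keep-alive connection.
    if len(cl_values) == 1 and not te_values and cl_values[0].isdigit():
        declared = int(cl_values[0])
        if declared != len(body):
            findings.append(f"Content-Length {declared} but body is {len(body)} bytes")
    return findings


def should_reject(raw: bytes) -> bool:
    """Fail-closed policy: any framing ambiguity rejects the request (HTTP 400)."""
    return bool(framing_findings(raw))


# Constructed sample requests (not captured traffic).
CLEAN = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 7\r\n\r\nq=hello")
DOUBLE = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
OBFUSCATED = (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
              b"Content-Length: 6\r\nTransfer-Encoding : xchunked\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("double", DOUBLE), ("obfuscated", OBFUSCATED)):
        verdict = "reject" if should_reject(req) else "accept"
        print(f"{label:<10} {verdict}  {framing_findings(req)}")
```

The policy is deliberately reject-rather-than-normalize: RFC 7230 lets a proxy keep Transfer-Encoding and drop Content-Length when both appear, but any rewriting step is itself a place where two hops can diverge, and a client that sends both headers has no legitimate reason to. Running the check at the outermost hop that terminates client connections is what matters, since that is where the attacker's bytes and a neighbouring customer's bytes share a back-end connection.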