News Slack Vulnerability Allowing Account Takeovers
In The Name OF Allah
Al-Salam Alekum


Slack allowing account takeover?!!!!!!!

Quote: Reportedly, bug hunter Evan Custodio discovered a critical vulnerability affecting Slack. As per his findings, the vulnerability could allow automated account takeovers, ultimately leading to a data breach.

This researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack onto neighboring customer requests. This hijack forced the victim into an open-redirect that forwarded the victim onto the researcher’s collaborator client with slack domain cookies. The posted cookies in the customer request on the collaborator client contained the customer’s secret session cookie.


The Source
Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy
Reply