Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Windscribe
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Slack Vulnerability Allowing Account Takeovers
#1
Thumbs Down 
In The Name OF Allah
Al-Salam Alekum

[Image: Slack-600x445.jpg]

Slack allowing account takeover?!!!!!!!

Quote:Reportedly, bug hunter Evan Custodio discovered a critical vulnerability affecting Slack. As per his findings, the vulnerability could allow automated account takeovers, ultimately leading to a data breach.

This researcher exploited an HTTP Request Smuggling bug on a Slack asset to perform a CL.TE-based hijack onto neighboring customer requests. This hijack forced the victim into an open-redirect that forwarded the victim onto the researcher’s collaborator client with slack domain cookies. The posted cookies in the customer request on the collaborator client contained the customer’s secret session cookie.


The Source
Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Rainbow News Vulnerability In WPvivid Backup Plugin Could Expose Files Of WordPress Sites Mr.Kurd 0 61 04-01-2020, 11:11 AM
Last Post: Mr.Kurd
Rainbow News Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploi Mr.Kurd 0 151 03-26-2020, 09:03 AM
Last Post: Mr.Kurd
Exclamation News A vulnerability that Allows Hackers to Hijack Facebook Accounts Mr.Kurd 0 117 03-04-2020, 07:17 AM
Last Post: Mr.Kurd
Brick News OpenSMTPD Email Server Vulnerability Threatens Many Linux and BSD Systems Mr.Kurd 0 96 03-02-2020, 08:40 PM
Last Post: Mr.Kurd
  News Urgent !! Windows User Urged to Patch A Critical Crypto Vulnerability on Windows 10 Mr.Kurd 1 138 01-15-2020, 11:38 AM
Last Post: poolclosed
Brick News TikTok Patches Critical Account Takeover Bugs Mr.Kurd 2 213 01-13-2020, 10:29 AM
Last Post: Mr.Kurd
  News Amazon Ring Discloses Vulnerability And Authorities Granted Access To DNA Data: Mad-Architect 0 215 11-07-2019, 04:43 PM
Last Post: Mad-Architect
  News New Vulnerability Discovered With PHP: NGiNX At Risk Mad-Architect 0 170 10-27-2019, 01:48 PM
Last Post: Mad-Architect
Tongue News NASA Astronaut Accused of Hacking Bank Account From Space Mr.Kurd 0 188 09-25-2019, 01:26 PM
Last Post: Mr.Kurd
  News TalkTalk Hacker Paying 4000K: Popular IG Account Hijacked. Mad-Architect 0 224 08-19-2019, 02:04 PM
Last Post: Mad-Architect



Users browsing this thread: 1 Guest(s)