Slack vulnerability allowing account takeovers
A critical vulnerability was discovered in the popular corporate messenger Slack that allowed attackers to take control of other people's accounts and conduct attacks on users, putting their data at risk. This was announced by cybersecurity expert Evan Custodio.
In a report published on HackerOne, he said that, because of the security problem, criminals could steal cookies containing user data and bring accounts under their control.
Custodio emphasized that, with the help of bots, the attacks could be carried out continuously. Many of the messenger's users who could have suffered from the fraudsters' actions are organizations and companies that use it for work correspondence. The specialist reported the vulnerability he discovered in Slack, after which the developers fixed it.
It was previously reported that a vulnerability had been discovered in the popular social network Facebook that makes it possible to hack any account. The problem, which has existed for about 10 years, was found in the Login with Facebook function, which uses the OAuth 2.0 authorization protocol.
Slack is a popular corporate messenger that uses a system of chats, private groups and private messages. It has its own hosting and lets you search across all messages at once. It is used in many private companies as a means of work correspondence.