Researchers reported a previously unknown vulnerability in Slack that could be used to take over accounts and read archived messages by stealing a user's authentication token.
Detectify's Frans Rosen discovered the vulnerability and published a proof of concept after noticing a weakness in the way Slack uses pop-up windows.
According to Slack, the vulnerability has already been patched. The company says that two years of logs show no sign that the bug was ever exploited.
How Rosen Found The Bug
Rosen found that the pop-up window was not verifying where the messages exchanged between the new window and the original chat app came from.
Because of this, a malicious web page controlled by Rosen and sitting in the background could grab the authentication token, which gave full access to all account data, including the message archives.
According to Rosen, the window function involved, postMessage, is commonly used for asynchronous messaging between windows, and developers often fail to authenticate the sender of the messages it delivers.
Rosen wrote, “If you’re not, and if you’re not checking where the message came from, messages could actually be sent from another web page.”
This is not the first time Slack authentication tokens have been compromised. Last April, Detectify found more than 1,500 Slack tokens that had been posted on GitHub as part of Slack integration code.
Rosen reported the bug to Slack through the HackerOne vulnerability disclosure service. The company fixed it within five hours of the report, and Rosen was paid $3,000 for the finding.
A Slack spokesperson said, “This bug is exactly why we invest in our public bug bounty program.”
In 2014, Slack's sign-up process accidentally revealed some of an organization's groups before the user was verified. There is no indication that anyone actively exploited that vulnerability.