This morning, a researcher reported a previously unknown vulnerability in Slack, which could be used to take over accounts and read archived messages by compromising a user’s authentication token. First reported Tuesday evening, the vulnerability has already been patched by Slack. The company claims there were no successful exploitations of the bug, based on an examination of the past two years of logs.
“This bug is exactly why we invest in our public bug bounty program,” a Slack spokesperson told The Verge.
The vulnerability was discovered by Detectify’s Frans Rosen, who created the proof-of-concept after noticing a weakness in the way Slack uses pop-up windows. When Slack initiates a call, it does so in a pop-up window — but...
The post “Slack vulnerability would have let hackers take over accounts and read archives” appeared first on http://www.theverge.com