Slack has said that it has successfully patched a vulnerability that would have let hackers surreptitiously access users' passwords when they used the app to make calls.
In a statement, the company has said that its technical team has addressed the issue fully and that its customers do not have to worry about the vulnerability.
The company has further said that it has not detected any case in which hackers attempted to take advantage of the vulnerability to steal the password and other login credentials of the users of the app.
On Tuesday, Frans Rosen of Detectify reported that he had discovered a particular vulnerability in Slack that hackers could easily exploit to steal the login credentials of users.
According to the researcher, the manner in which the app behaved when a user was making a call exposed the user to a lot of cyber attacks.
‘We have discovered that Slack does not verify the authenticity of the main app with the popup window that emerges when a user is making a call,’ he reported.
The researcher further pointed out that it was possible for hackers to take advantage of the failure in communication between the main app and the popup window to secretly access the information of the user of the app.
It was further reported that it was possible for hackers to establish a secret link between the popup window and a secret website, thus gaining access to the passwords and other credentials of the users of the app within the shortest time possible.
The functionality in question is called PostMessage and is commonly used by many other apps similar to Slack.
According to Detectify researchers, it is common for hackers to exploit the manner in which the PostMessage feature functions by hijacking the messaging process.
‘Hackers can take control of the process and start sending fake messages to the users in a bid to gain access to the login details of the user,’ the researchers have further stated.
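The missing check described above, shown as an added example that is not Slack's code or the researcher's: a message handler that trusts any sender next to one that verifies the sender's origin and window before acting. The origins, the message type "call-settings" and the field serverUrl are constructed for illustration.

```javascript
// Constructed example: APP_ORIGIN, CALL_HOST and the message shape are assumptions.
const APP_ORIGIN = "https://app.example.com"; // hypothetical origin of the main app
const CALL_HOST = "calls.example.com";        // hypothetical call server host

// Weak form: acts on any message, whichever site or window sent it.
function handleMessageUnchecked(event, state) {
  if (event.data && event.data.type === "call-settings") {
    state.serverUrl = event.data.serverUrl; // sender-controlled value accepted as-is
    return true;
  }
  return false;
}

// Hardened form: authenticate the sender first, then validate the payload.
function handleMessageChecked(event, state, expectedSource) {
  // Exact origin comparison; substring or prefix matching lets lookalike hosts through.
  if (event.origin !== APP_ORIGIN) return false;
  // The message must come from the window this page opened, not just any window.
  if (event.source !== expectedSource) return false;
  const data = event.data;
  if (!data || typeof data !== "object" || data.type !== "call-settings") return false;
  let url;
  try {
    url = new URL(data.serverUrl);
  } catch {
    return false; // not a parseable URL
  }
  // Even an authenticated sender only gets to pick a URL on the expected host.
  if (url.protocol !== "wss:" || url.hostname !== CALL_HOST) return false;
  state.serverUrl = url.href;
  return true;
}

// Sender side: name the recipient's origin instead of "*", so the browser
// drops the message if the target window has navigated to another site.
function sendToPeer(peerWindow, message) {
  peerWindow.postMessage(message, APP_ORIGIN);
}
```

In a browser the hardened handler would be registered with window.addEventListener("message", ...) and given the window object returned by window.open as expectedSource.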
This is not the first time that a bug has been detected in Slack. Back in April, it was reported that Slack contained serious vulnerabilities that hackers could easily exploit to steal the login details of users of the service. When this incident was reported, Slack responded by patching the vulnerabilities and announcing that its app was safe.