Slack brings team communication and collaboration into one place so you can get more work done, whether you belong to a large enterprise or a small business. Check off your to-do list and move your projects forward by bringing the right people, conversations, tools, and information you need together.

Slack is available on any device, so you can find and access your team and your work, whether you’re at your desk or on the go. Communicate with your team and organize your conversations by topics, projects, or anything else that matters to your work. Message or call any person or group within your team. Share and edit documents and collaborate with the right people all in Slack. Integrate into your workflow the tools and services you already use, including Google Drive, Salesforce, Dropbox, Asana, Twitter, Zendesk, and more.

We hope you’ll give Slack a try.

A remotely exploitable vulnerability in the Windows desktop app version of the Slack collaboration platform has been uncovered, which allows attackers to alter where files from Slack are downloaded. Nefarious types could redirect the files to their own SMB server, and they could manipulate the contents of those documents, altering information or injecting malware.

According to Tenable Research’s David Wells, who discovered the bug and reported it via the HackerOne bug-bounty platform, a download hijack vulnerability in Slack Desktop version 3.3.7 for Windows would allow an attacker to post a specially crafted hyperlink into a Slack channel that changes the document download location path when clicked.

“[…] the ‘slack://’ protocol handler, which has the capability to change sensitive settings in the Slack Desktop Application,” Wells said in a posting on Friday. “This download path can be an attacker-owned SMB share, which would cause all future documents downloaded in Slack to be instantly uploaded to the attacker’s server.”

Victims can still open the downloaded document through the application; however, that will be done from the attacker’s Server Message Block (SMB) share.

The reason it has to be an SMB share is because of a security check built into the platform. The Slack application filters certain characters out – including colons – so an attacker can’t supply a path with a drive root. “An SMB share, however, completely bypassed this sanitation as there is no root drive needed,” Wells explained.

Remote Exploitation

An attack can be carried out by both authenticated and unauthenticated users, Wells said. “After setting up a remote SMB share, we could send users or channels a link that would redirect all downloads to it after they click the link.”

In the first scenario, an insider could exploit the vulnerability for corporate espionage, manipulation or to gain access to documents outside of their role or privilege level. In the second scenario, an outsider could place crafted hyperlinks into pieces of content that could be pulled into a Slack channel via external RSS feeds.

“I will drop an http link (because slack:// links are not allowed to be hyperlinked on Reddit) that will redirect to our malicious slack:// link and change settings when clicked. Here I could make a post to a very popular Reddit community that Slack users around the world are subscribed to (in this test case however, I chose a private one I owned),” Wells said.
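To illustrate the sanitization gap the article describes (filtering colons blocks a drive-rooted path but does nothing against a UNC share path, which needs no colon), here is an added example, not Slack’s code, that puts the weak filter beside a stricter download-directory check; `ALLOWED_ROOT` and the sample paths are constructed assumptions.

```python
"""Added example (not Slack's code): why stripping colons from a download path
does not stop redirection to an SMB share, and a stricter check that confines
the path to an allowed local folder. PureWindowsPath lets it run on any OS."""
from pathlib import PureWindowsPath

# Constructed download root standing in for the user's profile folder.
ALLOWED_ROOT = PureWindowsPath(r"C:\Users\alice\Downloads")


def colon_stripping_filter(path: str) -> str:
    """The weak check as the article describes it: colons are removed, so a
    drive-rooted path like 'D:\\loot' collapses to the relative 'D\\loot',
    but a UNC path contains no colon and passes through unchanged."""
    return path.replace(":", "")


def is_unc_path(path: str) -> bool:
    """True for \\\\server\\share-style paths in either slash style
    (PureWindowsPath reports the server\\share pair as the drive)."""
    p = PureWindowsPath(path)
    return path.startswith(("\\\\", "//")) or p.drive.startswith("\\\\")


def is_safe_download_dir(path: str) -> bool:
    """Hardened check: reject UNC paths, require an absolute local drive path,
    collapse '..' segments, and insist the result stays under ALLOWED_ROOT."""
    if is_unc_path(path):
        return False
    p = PureWindowsPath(path)
    if not p.drive or not p.root:        # relative, or drive-relative ('C:foo')
        return False
    # PureWindowsPath does not collapse '..', so walk the parts ourselves.
    parts: list[str] = []
    for part in p.parts[1:]:             # parts[0] is the anchor, e.g. 'C:\\'
        if part == "..":
            if not parts:                # escaping above the drive root
                return False
            parts.pop()
        elif part != ".":
            parts.append(part)
    resolved = PureWindowsPath(p.anchor, *parts)
    try:
        resolved.relative_to(ALLOWED_ROOT)
    except ValueError:                   # outside the allowed folder
        return False
    return True
```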