
Slack fixes account-stealing bug
2020-03-17 12:33

The bug relies on a technique called HTTP request smuggling, which exploits differences in how a front-end server and the back-end servers behind it decide where one HTTP request ends and the next one begins.

Many web applications don't handle requests on a single machine: a front-end proxy server receives each request and passes it on to one of several back-end servers, for example.

HTTP has two ways of saying how long a request body is: a Content-Length header giving the number of bytes, or a Transfer-Encoding: chunked header that sends the body as a series of sized chunks ending with a zero-length chunk. A request is only supposed to use one of them, but HTTP smuggling attacks include both so that the front-end and back-end servers disagree about which one to trust.

Security researcher Evan Custodio discovered that Slack was susceptible to the variant known as CL.TE, in which the front-end server trusts the Content-Length header while the back-end server trusts the Transfer-Encoding one. The front-end forwards everything it counts as the attacker's request body, but the back-end stops reading at the zero-length chunk and treats the bytes after it as the start of a new request.

Because the front-end server reuses the same connection to the back-end for requests from different users, those leftover bytes are glued onto the front of whatever request arrives next, letting the attacker tamper with someone else's communications with the back-end server.
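The desync described above, modelled as an added example (this is not Slack's code or the researcher's report, and the request bytes, host name and paths are constructed for illustration): one framing function plays the front-end, which trusts Content-Length; another plays the back-end, which trusts Transfer-Encoding: chunked. The attacker's body ends its chunked encoding immediately and then carries the prefix of a second request, which the back-end prepends to the next user's request on the shared connection. A hypothetical reject_ambiguous_framing check shows the front-end rule that closes the gap.

```python
"""Model of a CL.TE request-smuggling desync.

Added illustration (not Slack's or the researcher's code): a front-end that
frames requests by Content-Length forwards bytes over one shared connection
to a back-end that frames them by Transfer-Encoding: chunked.  All request
bytes below are constructed for the example.
"""


def parse_headers(buf):
    """Split the head of an HTTP/1.1 message into (request_line, headers, body_offset).

    Returns None if the blank line ending the header block has not arrived yet.
    Header names are lower-cased; a repeated name keeps only its last value.
    """
    end = buf.find(b"\r\n\r\n")
    if end == -1:
        return None
    lines = buf[:end].decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, end + 4


def frame_by_content_length(buf):
    """Front-end rule: the body is exactly Content-Length bytes (0 if absent)."""
    parsed = parse_headers(buf)
    if parsed is None:
        return None
    _, headers, body_start = parsed
    end = body_start + int(headers.get("content-length", "0"))
    return buf[:end] if end <= len(buf) else None


def frame_by_chunked(buf):
    """Back-end rule: if Transfer-Encoding: chunked is present it wins over
    Content-Length; the body ends at the zero-size chunk plus its blank line."""
    parsed = parse_headers(buf)
    if parsed is None:
        return None
    _, headers, pos = parsed
    if headers.get("transfer-encoding", "").lower() != "chunked":
        return frame_by_content_length(buf)
    while True:
        nl = buf.find(b"\r\n", pos)
        if nl == -1:
            return None                       # chunk-size line not complete yet
        size = int(buf[pos:nl].split(b";")[0], 16)
        pos = nl + 2
        if size == 0:                         # last chunk: expect the empty trailer line
            return buf[:pos + 2] if buf[pos:pos + 2] == b"\r\n" else None
        pos += size + 2                       # chunk data plus its trailing CRLF
        if pos > len(buf):
            return None


def split_stream(buf, framer):
    """Cut a byte stream into whole requests under one framing rule.
    Returns (list_of_raw_requests, unframed_leftover_bytes)."""
    requests = []
    while buf:
        raw = framer(buf)
        if raw is None:
            break
        requests.append(raw)
        buf = buf[len(raw):]
    return requests, buf


def simulate_cl_te(attacker_bytes, victim_bytes):
    """The front-end frames each client's bytes by Content-Length and forwards
    them down one reused back-end connection; the back-end re-frames that
    stream by chunked encoding.  Returns what the back-end believes it got."""
    forwarded = b""
    for client_bytes in (attacker_bytes, victim_bytes):  # two separate client connections
        framed, _ = split_stream(client_bytes, frame_by_content_length)
        forwarded += b"".join(framed)
    backend_requests, _ = split_stream(forwarded, frame_by_chunked)
    return [parse_headers(raw) for raw in backend_requests]


def reject_ambiguous_framing(buf):
    """Hardened front-end check (hypothetical name): refuse any request that
    carries both Content-Length and Transfer-Encoding, or more than one
    Content-Length, so both servers can only ever apply the same framing."""
    if parse_headers(buf) is None:
        return False
    head = buf[:buf.find(b"\r\n\r\n")].decode("latin-1").split("\r\n")[1:]
    names = [line.partition(":")[0].strip().lower() for line in head]
    return ("transfer-encoding" in names and "content-length" in names) \
        or names.count("content-length") > 1


# Constructed traffic.  The attacker's body ends its chunked encoding
# immediately ("0\r\n\r\n") and then carries the prefix of a second request.
SMUGGLED_PREFIX = b"GET /smuggled HTTP/1.1\r\nX-Ignore: "
ATTACKER_BODY = b"0\r\n\r\n" + SMUGGLED_PREFIX
ATTACKER = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
            + b"Content-Length: %d\r\n" % len(ATTACKER_BODY)
            + b"Transfer-Encoding: chunked\r\n\r\n" + ATTACKER_BODY)
VICTIM = (b"GET /account HTTP/1.1\r\nHost: app.example\r\n"
          b"Cookie: session=victim-secret\r\n\r\n")

if __name__ == "__main__":
    for request_line, headers, _ in simulate_cl_te(ATTACKER, VICTIM):
        print(request_line, headers)
    print("front-end rejects attacker request:", reject_ambiguous_framing(ATTACKER))
```

Run stand-alone, the back-end reports two requests: the attacker's POST, and a GET /smuggled whose X-Ignore header has swallowed the victim's request line, with the victim's Host and Cookie headers now attached to the attacker's request. The same bytes framed by Content-Length on both sides would be a single harmless POST. RFC 7230 section 3.3.3 says a message carrying both headers ought to be handled as an error, which is what reject_ambiguous_framing enforces; the front-end should answer 400 and close the client connection rather than forward the request.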


News URL

https://nakedsecurity.sophos.com/2020/03/17/slack-fixes-account-stealing-bug/