IRC-for-millennials biz shrugs: Yeah, we might fix that later
Security researchers have uncovered a flaw in messaging app Slack that allows a file shared in a private channel to be viewed by anyone in that workspace – even guests.
Folk from Israeli cloud security outfit Polyrize uncovered the vuln, that they say exposes files shared through the IRC-for-millennials application, which boasts millions of users.
"If you share your file once, even if you later unshare it, that file can still be exposed to other people, without any indication to you,” said Polyrize, adding that the vuln includes the viewing of files through API queries.
It works through Slack's implementation of file-sharing. Posts on a Slack workspace can be in a public channel, or conversation, where anyone with an account on t ..
Support the originator by clicking the read the rest link below.
