Third-Party Helpdesks Like Slack Are at Risk And You Must Read This

Rahul Gupta

Over the years, both big and small organizations have started relying on communication tools such as Slack for internal communication and collaboration. But a serious vulnerability has just been unearthed in third-party helpdesk services that could let anyone with the know-how gain access to confidential internal communications.


According to Inti De Ceukelaire, who discovered the vulnerability, anyone can gain access to internal communication even when the administrator or the caretaker has not explicitly granted them permission.

Slack, Easy to Hack

This becomes all the more critical in the case of helpdesks and issue trackers where the support system uses email addresses on the company's own domain. De Ceukelaire exploited this very method to get through.

He created an account on GitHub and raised a ticket over email. Following that, he got access to the email address. This address was later used to register on the Slack workspace that the company used for internal communications.


Are Automated Helpdesks to Be Blamed?

Helpdesk software or applications allow users to get a quick remedy to their issues by simply raising tickets or by reporting issues.

The real problem lies in the verification system: in practice, anyone can use any email address to gain access to the information linked to that account.

De Ceukelaire wrote on his blog, “This vulnerability exists if support tickets can be created through email and if support tickets are accessible by users with an unverified email address. It also exists in public issue trackers or responders providing a unique @company.com email address to submit information directly to a ticket, forum post, private message or user account.”

Safety Measures

It’s a simple fix, really. Companies can simply change their support email addresses so that no one can get access to an email address that can be used to sign up for services such as Slack or Yammer.

If you are still using a support email address, consider changing it.
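One way to check whether the fix above is in place, as an added example that is not from the article or from De Ceukelaire's post: list every address whose incoming mail ends up readable in a ticket or issue, and flag those on a domain your chat workspace trusts for self sign-up. The function names, the inventory and the `example.com` / `example.net` domains are constructed, and sign-up trust is assumed to be an exact domain match.

```python
# Added example: all names, addresses and domains below are constructed.

def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower().rstrip(".")


def audit_inbound_addresses(inbound, trusted_signup_domains):
    """Flag ticket/issue inbound addresses that a collaboration tool would
    treat as an employee address because their domain is trusted for sign-up.

    inbound: mapping of address -> system that exposes mail sent to it
    trusted_signup_domains: domains whose addresses may self-register
    Returns a sorted list of (address, system, matched_domain).
    """
    # Assumption: trust is an exact match on the domain, not on subdomains.
    trusted = {d.lower().rstrip(".") for d in trusted_signup_domains}
    findings = []
    for address, system in inbound.items():
        dom = domain_of(address)
        if dom in trusted:
            findings.append((address, system, dom))
    return sorted(findings)


# Constructed inventory: addresses whose incoming mail becomes ticket content.
INBOUND = {
    "support@example.com": "helpdesk",
    "Incoming+Project-42@Example.COM": "issue tracker reply-by-email",
    "help@support.example.net": "helpdesk (moved to separate domain)",
}
# Constructed setting: domains allowed to self-register in the chat workspace.
TRUSTED_SIGNUP = ["example.com"]

if __name__ == "__main__":
    for address, system, dom in audit_inbound_addresses(INBOUND, TRUSTED_SIGNUP):
        print(f"RISK: {address} ({system}) is on trusted sign-up domain {dom}")
```

An empty result means no ticket-backed address shares a domain with the sign-up allowlist, which is the state the fix aims for.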

Written By

Rahul Gupta

Rahul Gupta has been closely following personal technology for over a decade. When not writing or talking about technology, Rahul loves to spend time with his motorbikes or brewing a nice cup of coffee.