Slack Bug Allowed Automating Account Takeover Attacks

Slack has fixed a security flaw that allowed hackers to automate the takeover of arbitrary accounts after stealing session cookies using a HTTP Request Smuggling CL.TE hijack attack on https://slackb.com/. […]