Google Blogoscoped

Wednesday, March 8, 2006

More Google Authentication Flaws

Garett Rogers reports that by sharing the URL you get after logging in to the Google Page Creator, you may inadvertedly also allow others to get into your Page Creator account... without ever having to enter your password. (I could reproduce this problem.) This security flaw is related to a previous one for Google’s book search, which also had the “auth” parameter in the URL. Just to be sure, if you ever see this “auth” parameter in your URLs, remove it before sending the URL to anyone.


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!