Google Blogoscoped

Forum

Mysterious Gmail vulnerability - logs automatically out with picture

Juha-Matti Laurio [PersonRank 10]

Friday, December 7, 2007
13 years ago2,403 views

An interesting Gmail vulnerability, entitled as "Google / GMail bug, all accounts vulnerable" has been released on security mailing list recently.
Link:
lists.grok.org.uk/pipermail/fu ...

The only information is this demonstration-type link:

http: //www.kristian-hermansen.com/
(space added to prevent clicking)

The Proof-of Concept page mentioned is based to this PNG picture:
http: //www.kristian-hermansen.com/img/google-ashol.png
(URL modified as well)

The HTML source of that page is very simple, basically it just states the name of the background picture.
Reports posted to mailing list says viewing the image (on different tab etc?) logs you out:
lists.grok.org.uk/pipermail/fu ...

Juha-Matti Laurio [PersonRank 10]

13 years ago #

Google has fixed the vulnerability now. Information about this was posted to Full-Disclosure mailing list mentioned by the author of the flaw on Saturday 8th Dec:
lists.grok.org.uk/pipermail/fu ...

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!