Google Blogoscoped


Mysterious Gmail vulnerability - logs automatically out with picture

Juha-Matti Laurio [PersonRank 10]

Friday, December 7, 2007

An interesting Gmail vulnerability, entitled "Google / GMail bug, all accounts vulnerable", has been released on a security mailing list recently.
Link:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058904.html

The only information is this demonstration-type link:

http: //www.kristian-hermansen.com/
(space added to prevent clicking)

The Proof-of-Concept page mentioned is based on this PNG picture:
http: //www.kristian-hermansen.com/img/google-ashol.png
(URL modified as well)

The HTML source of that page is very simple; basically it just states the name of the background picture.
Reports posted to the mailing list say viewing the image (on a different tab etc.?) logs you out:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058914.html

Juha-Matti Laurio [PersonRank 10]

16 years ago #

Google has fixed the vulnerability now. Information about this was posted to the Full-Disclosure mailing list mentioned by the author of the flaw on Saturday 8th Dec:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058927.html
