Full Disclosure mailing list archives

Re: Google / GMail bug, all accounts vulnerable
From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com>
Date: Fri, 7 Dec 2007 17:04:37 -0800

On Dec 7, 2007 7:40 AM, Aaron Katz <atkatz () gmail com> wrote:
> Could you please explain the vulnerability?  When I test, and I submit
> a correct response to the CAPTCHA, I'm presented with knowledge based
> authentication.

The bug, unless Google fixed it already, will have an effect on your
GMail account, but has nothing to do with CAPTCHAs.  Here is an
illustration....

* You are happily browsing some emails in GMail.
* You then visit any website which utilizes my PoC. (one @
http://www.kristian-hermansen.com)
* You try to use your GMail account, but something went wrong.
* You ask yourself what happened...
-- 
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

