|
Full Disclosure
mailing list archives
Re: Google / GMail bug, all accounts vulnerable
From: "alessandro salvatori" <sandr8 () gmail com>
Date: Fri, 7 Dec 2007 21:43:44 -0800
It's just stopped working for me.
-Alessandro
On Dec 7, 2007 5:04 PM, Kristian Erik Hermansen <
kristian.hermansen () gmail com> wrote:
On Dec 7, 2007 7:40 AM, Aaron Katz <atkatz () gmail com> wrote:
Could you please explain the vulnerability? When I test, and I submit
a correct response to the CAPTCHA, I'm presented with knowledge based
authentication.
The bug, unless Google fixed it already, will have an affect on your
GMail account, but has nothing to do with CAPTCHAs. Here is an
illustration....
* You are happily browsing some emails in GMail.
* You then visit any website which utilizes my PoC. (one @
http://www.kristian-hermansen.com)
* You try to use your GMail account, but something went wrong.
* You ask yourself what happened...
--
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
"To err is human - and to blame it on a computer is even more so." - Robert
Orben
A l e s s a n d r o
S a l v a t o r i
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Google / GMail bug, all accounts vulnerable, (continued)
Re: Google / GMail bug, all accounts vulnerable M . B . Jr . (Dec 07)
Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 07)
|
Intro
