Full Disclosure mailing list archives
Possible issue for shared computers
From: n3td3v <xploitable () gmail com>
Date: Wed, 31 Aug 2005 21:23:58 +0100
Dear security community, Security issue discovered using Google and Firefox. I logged out of my first Google account. The logged out confirmation page appeared. I then clicked on Sign-In. I signed in on a second Google account, the page appeared which states who you've just logged in as. This is known as "My Account". To the left of the My Account page is a section named "Edit Services Info". On this is a link named Gmail. I clicked on this link, where a new instance of Firefox appeared. The Gmail account served was that of the previous logged in account and not the currently logged in account. Something, somewhere went wrong, and this surely represents some kind of problem for the many Google users on shared/ public computers. Contact me if you're able to reproduce the above on your own computer. The 2-week login option on the previous account was not selected, and confirmation of changing accounts was witnessed, hence why having access to the My Account page of the newly signed-in Google account. The result is you're able to access a Gmail account of the previous computer user on shared/public computers. Cookies, who needs them anyway? Thanks, n3td3v -- http://www.geocities.com/n3td3v
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Possible issue for shared computers n3td3v (Aug 31)
- Re: Possible issue for shared computers FRLinux (Aug 31)