Full Disclosure mailing list archives
Re: Google / GMail bug, all accounts vulnerable
From: "alessandro salvatori" <sandr8 () gmail com>
Date: Fri, 7 Dec 2007 21:43:44 -0800
It's just stopped working for me. -Alessandro On Dec 7, 2007 5:04 PM, Kristian Erik Hermansen < kristian.hermansen () gmail com> wrote:
On Dec 7, 2007 7:40 AM, Aaron Katz <atkatz () gmail com> wrote:Could you please explain the vulnerability? When I test, and I submit a correct response to the CAPTCHA, I'm presented with knowledge based authentication.The bug, unless Google fixed it already, will have an affect on your GMail account, but has nothing to do with CAPTCHAs. Here is an illustration.... * You are happily browsing some emails in GMail. * You then visit any website which utilizes my PoC. (one @ http://www.kristian-hermansen.com) * You try to use your GMail account, but something went wrong. * You ask yourself what happened... -- Kristian Erik Hermansen "I have no special talent. I am only passionately curious." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- "To err is human - and to blame it on a computer is even more so." - Robert Orben A l e s s a n d r o S a l v a t o r i
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 06)
- Re: Google / GMail bug, all accounts vulnerable Aaron Katz (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable Mukul Dharwadkar (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable worried security (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable Ed Carp (Dec 07)
- Message not available
- Message not available
- Message not available
- Message not available
- Fwd: Google / GMail bug, all accounts vulnerable Aaron Katz (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable Aaron Katz (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable Mukul Dharwadkar (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable Aaron Katz (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable alessandro salvatori (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable Joseph Hick (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 07)
- Re: Google / GMail bug, all accounts vulnerable Aaron Katz (Dec 11)
- Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 11)
- Re: Google / GMail bug, all accounts vulnerable coderman (Dec 11)
- Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 11)
- Re: Google / GMail bug, all accounts vulnerable Nick FitzGerald (Dec 11)
- Re: Google / GMail bug, all accounts vulnerable coderman (Dec 12)