Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Google / GMail bug, all accounts vulnerable

From: "alessandro salvatori" <sandr8 () gmail com>
Date: Fri, 7 Dec 2007 21:43:44 -0800
It's just stopped working for me.
-Alessandro

On Dec 7, 2007 5:04 PM, Kristian Erik Hermansen <
kristian.hermansen () gmail com> wrote:


On Dec 7, 2007 7:40 AM, Aaron Katz <atkatz () gmail com> wrote:

Could you please explain the vulnerability?  When I test, and I submit
a correct response to the CAPTCHA, I'm presented with knowledge based
authentication.


The bug, unless Google fixed it already, will have an affect on your
GMail account, but has nothing to do with CAPTCHAs.  Here is an
illustration....

* You are happily browsing some emails in GMail.
* You then visit any website which utilizes my PoC. (one @
http://www.kristian-hermansen.com)
* You try to use your GMail account, but something went wrong.
* You ask yourself what happened...
--
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





-- 
"To err is human - and to blame it on a computer is even more so." - Robert
Orben

A l  e   s    s     a      n       d        r         o
        S        a       l      v     a    t   o  r i

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: