PDA

View Full Version : Gmail accounts 'wide open to exploit'


tlr online
02-11-04, 10:18
Google's high profile webmail service, Gmail, is vulnerable to a security exploit that might allow hackers full access to a user's email account simply by knowing the user name, according to reports.

The security flaw allows full access to users' accounts, with no need of a password, Israeli news site Nana says . Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed. Following up a tip from an Israeli hacker, journos from the site confirmed the attack and verified the exploit with local security firm Aladdin Knowledge Systems.

It's unclear whether the hole has been maliciously exploited. Google has been notified of the issue and is reportedly working on a fix. No-one from the company was available to update The Register on the issue at time of going to press.

www.theregister.co.uk (http://www.theregister.co.uk)

Joseph
02-11-04, 11:25
Dammit. Well i hardly use it anyway.

Neteru
02-11-04, 14:00
And I always delete cookies I have to accept as soon as I leave site (except for this one :D )

SpArKy
02-11-04, 14:11
Oh, well i also like Jospeh hardly use it, i use it to transfer single song / MP3's to friends that they would like and vice versa!

laracroft8290
02-11-04, 14:14
Google has already fixed the exploit. Click Here (http://www.theregister.com/2004/11/01/gmail_bug_fixed/) for details.

larasfrend
02-11-04, 19:27
YAAY! :D I also haven't taken to it yet, but I'm waiting to be able to invite friends! :mad: Then I can send bigger files to them! http://www.tombraiderforums.com/images/smilies/smile.gif