Google Flaw Lets Remote Users Hijack Accounts
SecurityTracker Alert ID: 1012001
SecurityTracker URL: http://securitytracker.com/id?1012001
CVE Reference: GENERIC-MAP-NOMATCH
Date: Oct 30 2004
Impact: Disclosure of authentication information, User access via network
Vendor Confirmed: Yes
Description: A vulnerability was reported in Google Gmail. A remote user can steal cookies to access a target user's account.
Nana NetLife Magazine (nana.co.il) reported a vulnerability in Google Gmail that was discovered by Israeli hacker Nir Goldshlagger.
A remote user can create a specially crafted link that, when loaded by the target user, will disclose the target user's cookie. With the target user's cookie, the remote user can then access the target user's account.
The report indicates that the specially crafted link will direct to the Gmail site.
No further details were provided.
Google has reportedly confirmed the flaw.
Impact: A remote user can steal a target user's cookie to gain access to the target user's Gmail account.
Solution: No solution was available at the time of this entry.
Vendor URL: gmail.google.com/
Cause: Authentication error
Message History:
None.
Source Message Contents
Date: Fri, 29 Oct 2004 23:04:40 -0400
Subject: http://net.nana.co.il/Article/?ArticleID=155025&sid=10
Nana NetLife Magazine (nana.co.il) reported a vulnerability in Google Gmail.
The flaw was discovered by Israeli hacker Nir Goldshlagger.
A remote user can create a specially crafted link that, when loaded by the target
user, will disclose the target user's cookie. With the target user's cookie, the
remote user can then access the target user's account.
The report indicates that the specially crafted link will direct to the Gmail site.
No further details were provided.
Google has reportedly confirmed the flaw.