SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   GMail Drive Vendors:   viksoe.dk
GMail Drive Discloses Gmail Users Account Name and Lets Local Users Access the Gmail Account
SecurityTracker Alert ID:  1011758
SecurityTracker URL:  http://securitytracker.com/id/1011758
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 18 2004
Impact:   Disclosure of user information, User access via network
Exploit Included:  Yes  

Description:   Lostmon reported a vulnerability in GMail Drive. A local user can determine the GMail account name and can access the GMail account. [GMail Drive is not a Google product.]

It is reported that a local user can examine the properties of a GMail Drive to determine the GMail account username (the volume label is the username).

It is also reported that if the GMail Drive is configured for 'auto login', then a local user can access 'http://gmail.google.com' and gain direct access to the Gmail account used by GMail Drive.

Impact:   A local user can determine the Gmail account name.

A local user can access the Gmail account.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.viksoe.dk/code/gmail.htm (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Gmail drive discloses user name account and gain access to user mail account


wen install Gmail drive (http://www.viksoe.dk/code/gmail.htm)

1-disclosure of user information:

you have a new disk (gmail drive) in my Pc if you login in=20

any local user can view your user name account only need to look the proper=
ties=20
of gmail=B4s drive and look the volume lavel ...this is the user name
was used to loged in.

2- accesing user mail account=20

wen you open the gmail=B4s drive and if you check "auto login " option
any local user can go to http://gmail.google.com ...and the page
redirecting to the user account was loged on gmail drive


Atentamente
Lostmon ( lostmon@gmail.com )
--=20

thx to www.ayuda-internet.net for their support
thx to Ghalician he is whith me and investigate :)
La curiosidad es lo que hace mover la mente....
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC