From: nion at gmx.net (Nico Golde)
Subject: GMail logout (not sure if you could call it a vulnerability)

Hello QoDS,

* QoDS ec <QoDSec@...il.com> [2004-06-22 13:22]:
[...] 
> for example consider the following invite link:
> http://gmail.google.com/gmail/a-da020f8475-a200b150b3
> 
> if you change it to the following:
> http://gmail.google.com/gmail/a-da020f8435-a200b150b3
>                                             ^^^^^^^^^^^^^
> Any of the following digits could change
> you will be automatically logged out and as it seems you will have the
> login name of the email of the person who did the invitation.
> 
> Not sure if there is anything evil you could do about it but just a
> minor bug that should be fixed.

I think this is not really evil.
If I remember correctly, this email address is also in the invitation
message?
Regards, Nico
-- 
Nico Golde - 310777820@ICQ
nico@...lde.de | nion@....net | http://www.ngolde.de
GPG: FF46 E565 5CC1 E2E5 3F69  C739 1D87 E549 7364 7CFF
Is there life after /sbin/halt -p?