lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040622113554.GB1065@ngolde.de>
From: nion at gmx.net (Nico Golde)
Subject: GMail logout (not sure if you could call it a vulnerability)

Hallo QoDS,

* QoDS ec <QoDSec@...il.com> [2004-06-22 13:22]:
[...] 
> for example consider the following invite link:
> http://gmail.google.com/gmail/a-da020f8475-a200b150b3
> 
> if you change it to the following:
> http://gmail.google.com/gmail/a-da020f8435-a200b150b3
>                                             ^^^^^^^^^^^^^
>                                          Any of the following digits
> could change
> you will be automatically logged out and as it seems you will have the
> login name of the email of the person who did the invitation.
> 
> Not sure if there is anything evil you could do about it but just a
> minor bug that should be fixed.

i think this is not really evil.
if i remind correctly this email address is also in the invitation
message.?
regards nico
-- 
Nico Golde - 310777820@ICQ
nico@...lde.de | nion@....net | http://www.ngolde.de
GPG: FF46 E565 5CC1 E2E5 3F69  C739 1D87 E549 7364 7CFF
Is there life after /sbin/halt -p?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040622/07966214/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ