lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: nion at gmx.net (Nico Golde)
Subject: GMail logout (not sure if you could call it a vulnerability)

Hallo QoDS,

* QoDS ec <QoDSec@...il.com> [2004-06-22 13:22]:
> for example consider the following invite link:
> http://gmail.google.com/gmail/a-da020f8475-a200b150b3
> 
> if you change it to the following:
> http://gmail.google.com/gmail/a-da020f8435-a200b150b3
>                                             ^^^^^^^^^^^^^
>                                          Any of the following digits
> could change
> you will be automatically logged out and as it seems you will have the
> login name of the email of the person who did the invitation.
> 
> Not sure if there is anything evil you could do about it but just a
> minor bug that should be fixed.

and the login at this point doesnt works correctly.
ia am not able to login at this stage.
is it only my problem?
regards nico
-- 
Nico Golde - 310777820@ICQ
nico@...lde.de | nion@....net | http://www.ngolde.de
GPG: FF46 E565 5CC1 E2E5 3F69  C739 1D87 E549 7364 7CFF
Is there life after /sbin/halt -p?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040622/84b78c2a/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ