Message-ID: <4b6ee9310508311323bb92fcb@mail.gmail.com>
Date: Wed Aug 31 21:24:05 2005
From: xploitable at gmail.com (n3td3v)
Subject: Possible issue for shared computers
Dear security community,
Security issue discovered using Google and Firefox.
I logged out of my first Google account. The logged out confirmation page
appeared. I then clicked on Sign-In. I signed in on a second Google account,
the page appeared which states who you've just logged in as. This is known
as "My Account". To the left of the My Account page is a section named "Edit
Services Info". On this is a link named Gmail. I clicked on this link, where
a new instance of Firefox appeared. The Gmail account served was that of the
previously logged-in account and not the currently logged-in account.
Something, somewhere went wrong, and this surely represents some kind of
problem for the many Google users on shared/public computers. Contact me if
you're able to reproduce the above on your own computer. The 2-week login
option on the previous account was not selected, and confirmation of
changing accounts was witnessed, hence why I had access to the My Account
page of the newly signed-in Google account. The result is you're able to
access a Gmail account of the previous computer user on shared/public
computers.
Cookies, who needs them anyway? Thanks, n3td3v
--
http://www.geocities.com/n3td3v