lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABmvJnNQ6QThq5tdm+vn+vo+eravBbG4ymtNtVd-g3d+xfKGGQ@mail.gmail.com>
Date: Wed, 21 Jan 2015 15:16:50 -0600
From: Daniel Miller <bonsaiviking@...il.com>
To: kevin mcsheehan <kevin@...heehan.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] full name disclosure information leak in google drive

On Wed, Jan 21, 2015 at 2:26 PM, kevin mcsheehan <kevin@...heehan.com>
wrote:

> exploit title: full name disclosure information leak in google drive
> software link: https://drive.google.com/drive/#my-drive
> author: kevin mcsheehan
> website: http://mcsheehan.com
> email: kevin@...heehan.com
> date: 01/20/15
>
> source: http://mcsheehan.com/?p=15
>
> description: google drive leaks the full name of a target email address
> when said email address is associated with an uploaded file. the full name
> is displayed whether or not the target has made that information publicly
> accessible by creating a google plus account.
>

I'm pretty sure Google doesn't consider this sort of thing a vulnerability.
Here's their "it's not a bug" page for it:
https://sites.google.com/site/bughunteruniversity/nonvuln/discover-your-name-based-on-e-mail-address

Dan

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ