| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABmvJnNQ6QThq5tdm+vn+vo+eravBbG4ymtNtVd-g3d+xfKGGQ@mail.gmail.com> Date: Wed, 21 Jan 2015 15:16:50 -0600 From: Daniel Miller <bonsaiviking@...il.com> To: kevin mcsheehan <kevin@...heehan.com> Cc: fulldisclosure@...lists.org Subject: Re: [FD] full name disclosure information leak in google drive On Wed, Jan 21, 2015 at 2:26 PM, kevin mcsheehan <kevin@...heehan.com> wrote: > exploit title: full name disclosure information leak in google drive > software link: https://drive.google.com/drive/#my-drive > author: kevin mcsheehan > website: http://mcsheehan.com > email: kevin@...heehan.com > date: 01/20/15 > > source: http://mcsheehan.com/?p=15 > > description: google drive leaks the full name of a target email address > when said email address is associated with an uploaded file. the full name > is displayed whether or not the target has made that information publicly > accessible by creating a google plus account. > I'm pretty sure Google doesn't consider this sort of thing a vulnerability. Here's their "it's not a bug" page for it: https://sites.google.com/site/bughunteruniversity/nonvuln/discover-your-name-based-on-e-mail-address Dan _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists