View Single Post
  #1   (View Single Post)  
Old 23rd November 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,505
Default 'High impact' Gmail password security hole blew accounts wide open

From http://www.theregister.co.uk/2013/11...password_flaw/

Quote:
Google has fixed a "high impact" security bug in Gmail's password reset system that could have left any account wide open to a crafty hijacker.

The flaw, spotted by security researcher Oren Hafif, was exploited by sending a spoofed email that reminds the Gmail user that it's time to reset their password. Clicking on the link sends the user to a website that masquerades as a Google page and asks for the user for a new password. That hacker-controlled site also initiates a cross-site request forgery attack via XSS that tricks Google into handing over the victim's login cookie.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote