[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)
From: Nico Golde <nion@xxxxxxx>
Date: Tue, 22 Jun 2004 13:37:55 +0200

Hallo QoDS,

* QoDS ec <QoDSec@xxxxxxxxx> [2004-06-22 13:22]:
> for example consider the following invite link:
> http://gmail.google.com/gmail/a-da020f8475-a200b150b3
> 
> if you change it to the following:
> http://gmail.google.com/gmail/a-da020f8435-a200b150b3
>                                             ^^^^^^^^^^^^^
>                                          Any of the following digits
> could change
> you will be automatically logged out and as it seems you will have the
> login name of the email of the person who did the invitation.
> 
> Not sure if there is anything evil you could do about it but just a
> minor bug that should be fixed.

and the login at this point doesnt works correctly.
ia am not able to login at this stage.
is it only my problem?
regards nico
-- 
Nico Golde - 310777820@ICQ
nico@xxxxxxxxx | nion@xxxxxxx | http://www.ngolde.de
GPG: FF46 E565 5CC1 E2E5 3F69  C739 1D87 E549 7364 7CFF
Is there life after /sbin/halt -p?

Attachment: pgp00060.pgp
Description: PGP signature

Follow-Ups:
- Re: [Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)
  - From: Nico Golde

References:
- [Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)
  - From: QoDS ec

Prev by Date: RE: [Full-Disclosure] What Your Empty Wallet Says About You
Next by Date: Re: [Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)
Previous by thread: [Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)
Next by thread: Re: [Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)
Index(es):
- Date
- Thread