[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] full name disclosure information leak in google drive

To: kevin mcsheehan <kevin@xxxxxxxxxxxxx>
Subject: Re: [FD] full name disclosure information leak in google drive
From: Daniel Miller <bonsaiviking@xxxxxxxxx>
Date: Wed, 21 Jan 2015 15:16:50 -0600

On Wed, Jan 21, 2015 at 2:26 PM, kevin mcsheehan <kevin@xxxxxxxxxxxxx>
wrote:

> exploit title: full name disclosure information leak in google drive
> software link: https://drive.google.com/drive/#my-drive
> author: kevin mcsheehan
> website: http://mcsheehan.com
> email: kevin@xxxxxxxxxxxxx
> date: 01/20/15
>
> source: http://mcsheehan.com/?p=15
>
> description: google drive leaks the full name of a target email address
> when said email address is associated with an uploaded file. the full name
> is displayed whether or not the target has made that information publicly
> accessible by creating a google plus account.
>

I'm pretty sure Google doesn't consider this sort of thing a vulnerability.
Here's their "it's not a bug" page for it:
https://sites.google.com/site/bughunteruniversity/nonvuln/discover-your-name-based-on-e-mail-address

Dan

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] full name disclosure information leak in google drive
  - From: kevin mcsheehan

References:
- [FD] full name disclosure information leak in google drive
  - From: kevin mcsheehan

Prev by Date: [FD] full name disclosure information leak in google drive
Next by Date: Re: [FD] full name disclosure information leak in google drive
Previous by thread: [FD] full name disclosure information leak in google drive
Next by thread: Re: [FD] full name disclosure information leak in google drive
Index(es):
- Date
- Thread