Google Flaw Lets Remote Users Hijack Accounts

Nana NetLife Magazine (nana.co.il) reported a vulnerability in Google Gmail that was discovered by Israeli hacker Nir Goldshlagger.

A remote user can create a specially crafted link that, when loaded by the target user, will disclose the target user’s cookie. With the target user’s cookie, the remote user can then access the target user’s account.

The report indicates that the specially crafted link will direct to the Gmail site.

No further details were provided.

Google has reportedly confirmed the flaw.

http://www.securitytracker.com/alerts/2004/Oct/1012001.html

Leave a Reply