Welcome to WebmasterWorld Guest from 54.160.131.144

Forum Moderators: open

Message Too Old, No Replies

GMail Vulnerability

Google GMail 'CheckAvailability' Script May Disclose User Information to Re

     

ukgimp

9:20 am on Jul 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



[securitytracker.com...]

A vulnerability was reported in Google's GMail beta e-mail service. A remote user may be able to determine information about another user attempting to register an account on the system

bpresent

6:48 am on Jul 16, 2004 (gmt 0)



I noticed (weeks ago) that when I tried to register name 'bluewidget' that a message would be returned "'redwidget' is not available, try 'bluewidget2004'".

This seems to fit the intent of this article but I would hardly call it a high level security risk.

At this point in the process I did not actually have a gmail account and had provided little or no information about myself (G knew that I had another email address, the one I was invited on, and that my name was supposedly xyz).

Sounds very dramatic though (and the vagueness of this article allows the imagination to play with this).

Yes, it's true

A remote user may be able to determine information about another user
but as I saw it, the sum of that information was ... that another person on the planet had the desire to register a google email address of 'redwidget' :)

amznVibe

7:08 am on Jul 16, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A remote user with a valid GMail invitation can determine information about another user ....
including the target user's first and last name

This isn't really a big deal other than embarassing for Google. I am willing to bet it will be fixed within hours.

bpresent

1:06 pm on Jul 16, 2004 (gmt 0)



The article was posted 5-Jul and I suspect it was probably fixed prior to the posting.

It is still a beta product.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month