New Gmail flaw lets attacker control ‘Change Password’ function

QAWorld is the place to turn for the latest QA news and in-depth coverage of the issues, trends, and products.
About Us Contact Sponsor Us Partners

Mar 3, 2009

New Gmail flaw lets attacker control ‘Change Password’ function

A researcher today released a proof-of-concept for a vulnerability he discovered in Google Gmail that lets an attacker change a Gmail user’s password, wage a denial-of-service attack on the account, or even access other Gmail users’ email.

An attacker can build a phony Web page that accepts requests for Gmail password changes, and then lets the attacker change the victims’ passwords without their knowing and evading CAPTCHA restrictions. Read on.

Topics

InfoWorld News

QA Jobs by Dice.com

Breaking Tech News

How Facebook uses your data - Times of India February 5, 2012
Facebook's Mobility Challenge - New York Times February 5, 2012
Nicira debuts with its SDN baby - Computerworld February 6, 2012
Where now for Microsoft and Windows Phone? - Forbes February 4, 2012
'Shieldcroc' with thick-skinned shield discovered - The State Column February 5, 2012
Ford tried to stop Chevrolet Silverado's Super Bowl ad - USA TODAY February 5, 2012
NASA's Goddard releases rare image of Earth - The State Column February 5, 2012
Motorola makes Apple pull iPads and iPhones in Germany - BBC News February 3, 2012
Angelic "Steve Jobs" loves Android in Taiwan TV ad - Reuters February 2, 2012
Why Apple's A5 is so big--and iPhone 4 won't get Siri - CNET February 4, 2012

Security Issues

Samsung Epic Touch 4G Receives Modem, Software, Security Updates, Lower Price - Mobile bloom News February 5, 2012
Don't use our software, security firm Symantec warns customers - Fox News January 26, 2012
The Mobile Pivot: Pyxis becomes Verivo Software - Forbes February 5, 2012
military to get secure Android phones - CNN February 3, 2012

Ensuring the quality of your application is our #1 job.