Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[Full-disclosure] Possible issue for shared computers
From: n3td3v (xploitablegmail.com)
Date: Wed Aug 31 2005 - 15:23:58 CDT
Dear security community,
Security issue discovered using Google and Firefox.
I logged out of my first Google account. The logged out confirmation page
appeared. I then clicked on Sign-In. I signed in on a second Google account,
the page appeared which states who you've just logged in as. This is known
as "My Account". To the left of the My Account page is a section named "Edit
Services Info". On this is a link named Gmail. I clicked on this link, where
a new instance of Firefox appeared. The Gmail account served was that of the
previous logged in account and not the currently logged in account.
Something, somewhere went wrong, and this surely represents some kind of
problem for the many Google users on shared/ public computers. Contact me if
you're able to reproduce the above on your own computer. The 2-week login
option on the previous account was not selected, and confirmation of
changing accounts was witnessed, hence why having access to the My Account
page of the newly signed-in Google account. The result is you're able to
access a Gmail account of the previous computer user on shared/public
Cookies, who needs them anyway? Thanks, n3td3v
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/