posted on Saturday, October 30, 2004 3:02 PM by demiliani

The first big Gmail flaw

Bad news for Gmail users... a big new security flaw has just been discovered.

This exploit can allow hackers to gain full access to a user's email account simply by knowing the user name, with no need to know the password. By using a special hex-encoded XSS link, a hacker can steal the victim's cookie file and later use it to identify himself to Gmail as the original owner of the email account, regardless of whether or not the password is subsequently changed. More details can be found here.

And now? I hope for a patch from Google soon...
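
A cookie that keeps working after a password change, as described above, means the session outlives the credential it was issued for. The sketch below is an added illustration, not Gmail's code and not part of the original post: a toy in-memory session store (the `SessionStore` class, the `sid` cookie name and the user `alice` are all constructed) comparing a store that never revokes sessions with one that revokes them on password change, plus a cookie header flagged so page script cannot read it.

```python
import secrets
from http.cookies import SimpleCookie

class SessionStore:
    """Toy in-memory session store (constructed for illustration)."""

    def __init__(self, revoke_on_password_change):
        self.revoke_on_password_change = revoke_on_password_change
        self.generation = {}   # user -> credential generation counter
        self.sessions = {}     # token -> (user, generation at login)

    def login(self, user):
        gen = self.generation.setdefault(user, 0)
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, gen)
        return token

    def change_password(self, user):
        # Bumping the generation marks every earlier session as stale.
        self.generation[user] = self.generation.get(user, 0) + 1

    def authenticate(self, token):
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, gen = entry
        if self.revoke_on_password_change and gen != self.generation[user]:
            del self.sessions[token]   # issued before the password change
            return None
        return user

def session_cookie_header(token):
    """Set-Cookie value with flags that keep the token away from page script."""
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["httponly"] = True   # not readable via document.cookie
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    return cookie["sid"].OutputString()

def copied_cookie_survives(revoke_on_password_change):
    """True if a cookie copied before a password change still authenticates."""
    store = SessionStore(revoke_on_password_change)
    copied = store.login("alice")      # the value a third party obtained
    store.change_password("alice")
    return store.authenticate(copied) == "alice"

if __name__ == "__main__":
    print("never revokes:", copied_cookie_survives(False))
    print("revokes on change:", copied_cookie_survives(True))
    print(session_cookie_header("example-token"))
```
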
