Google GMail 'CheckAvailability' Script May Disclose User Information to Remote Users
Impact: Disclosure of user information
Exploit Included: Yes
Description: A vulnerability was reported in Google's GMail beta e-mail service. A remote user may be able to determine information about another user attempting to register an account on the system.
Ahmed Motaz reported that a remote user can invoke the '/accounts/CheckAvailability' script repeatedly to cause the system to return information beloging to another user's query. The information disclosed includes the target user's first and last name and the target user's desired GMail account username.
The remote user must have a valid GMail invitation, the report said.
The vendor has reportedly been notified.
Impact: A remote user with a valid GMail invitation can determine information about another user attempting to register an account with the service, including the target user's first and last name and the target user's desired GMail account username.
Solution: No solution was available at the time of this entry.
Your favorite shows are back!
Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!