«

Google's high profile webmail service, Gmail, is vulnerable to a
security exploit that might allow hackers full access to a user's email
account simply by knowing the user name, according to reports. The
security flaw allows full access to users' accounts, with no need of a
password, Israeli news site Nana says.

Using a hex-encoded XSS link, the victim's cookie file can be stolen by
a hacker, who can later use it to identify himself to Gmail as the
original owner of an email account, regardless of whether or not the
password is subsequently changed. Following up a tip from an Israeli
hacker, journos from the site confirmed the attack and verified the
exploit with local security firm Aladdin Knowledge Systems.

From neowin today.

PseUDO

PseUDO wrote:
> Google's high profile webmail service, Gmail, is vulnerable to a
> security exploit that might allow hackers full access to a user's email
> account simply by knowing the user name, according to reports. The
> security flaw allows full access to users' accounts, with no need of a
> password, Israeli news site Nana says.
>
> Using a hex-encoded XSS link, the victim's cookie file can be stolen by
> a hacker, who can later use it to identify himself to Gmail as the
> original owner of an email account, regardless of whether or not the
> password is subsequently changed. Following up a tip from an Israeli
> hacker, journos from the site confirmed the attack and verified the
> exploit with local security firm Aladdin Knowledge Systems.
>
> From neowin today.
>
> PseUDO

been fixed