
Issue 604857

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: mail can be sent without authentication

Reported by soumya.u...@gmail.com, Apr 19 2016

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev]
Operating System: [WINDOWS 10]



REPRODUCTION CASE

Mail can be sent from any account without authorization using an external relay server. The account user is not aware that the mail has been sent from their account.


 

Comment 1 by vakh@chromium.org, Apr 19 2016

Status: ExternalDependency (was: Unconfirmed)
Hi soumya.upadhyay6@gmail.com, thanks for filing the issue.
Could you please provide a list of steps to follow to be able to reproduce this issue? That would help in triaging this issue further.
Labels: Needs-Feedback
Status: Unconfirmed (was: ExternalDependency)

Comment 3 by vakh@chromium.org, Apr 20 2016

Labels: -Needs-Feedback
Status: WontFix (was: Unconfirmed)
Marking as WontFix for now. Please feel free to re-open with a list of steps to follow to be able to reproduce this issue.

Hello,

I was able to send mail from any account to any of my accounts without that
user's authorization. The user can't see the mail he/she sent in their sent
box but the mail appears in my inbox.

I was able to do this by writing a piece of Java code and using a third
party relay server.

If you want, I can send you some examples.

Thanks.
Soumya

Comment 5 by vakh@chromium.org, Apr 20 2016

Hi Soumya, thanks for writing back.
Please feel free to attach your code to this issue. In addition, please include a detailed list of steps for us to be able to reproduce the issue.
Unfortunately, without a reliable way to reproduce the issue, we won't be able to make any progress on it.

Sure. I will do that.

I am attaching my code. My code will involve some of the jar files that you need to have before executing it. You can put other email IDs in the input area in the code. For now, I have checked it for Gmail only.
If the email doesn't appear in the main inbox, check spam.

And if you get any exception after compiling and executing, please send me full details. I am attaching mail.jar.
mail.jar (508 KB)
SendEmail.java (2.1 KB)
Project Member

Comment 9 by sheriffbot@chromium.org, Jul 28 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 10 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 11 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
