Issue 636088 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Aug 2016
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security

Gmail Password Reset Bug

Reported by t.johns9...@gmail.com, Aug 9 2016

Issue description

This requires account access which could be obtained from a computer left open, etc. By viewing when the password was last changed you can reset the password if they have never changed it by stating when the account was made. 

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Password reset based upon account creation. Requires account access. 

VERSION
Chrome Version: 52.0.2743.116
Operating System: Windows 10

	Capture.PNG 30.6 KB View Download

Comment 1 by wfh@chromium.org, Aug 9 2016

Labels: -Restrict-View-SecurityTeam
Status: WontFix (was: Unconfirmed)

This forum is for reporting bugs with chromium open source project. If you feel you have found an issue with gmail I suggest reporting via their program - https://goo.gl/vulnz

However, I feel this would require physical access to the target's computer so this likely would not qualify see this link:

https://sites.google.com/site/bughunteruniversity/nonvuln/attacks-working-only-when-sharing-local-account-with-the-attacker

Comment 2 by t.johns9...@gmail.com, Aug 9 2016

Thank you. Sorry to waste your time.

►

Issue 636088 link

Issue metadata

Gmail Password Reset Bug

Issue description

Comment 1 by wfh@chromium.org, Aug 9 2016

Comment 1 Deleted

Comment 2 by t.johns9...@gmail.com, Aug 9 2016

Comment 2 Deleted

Sign in to add a comment