Issue 690405 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Feb 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: This server is vulnerable to a BEAST attack for accounts.google.com.

Reported by ashvr...@gmail.com, Feb 9 2017

Issue description

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Make sure you have the TLSv1.2 protocol enabled on your server. Disable the RC4, MD5, and DES algorithms.

Comment 1 by mmoroz@chromium.org, Feb 9 2017

Status: WontFix (was: Unconfirmed)

Thanks for your report. Domain accounts.google.com is in scope for general Google VRP: https://www.google.com/about/appsecurity/reward-program/

Could you please report it the proper form: https://www.google.com/about/appsecurity/reward-program/#reporting

For Chromium VRP scope please take a look at https://www.google.com/about/appsecurity/chrome-rewards/index.html

Project Member

Comment 2 by sheriffbot@chromium.org, May 18 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 690405 link

Issue metadata

Security: This server is vulnerable to a BEAST attack for accounts.google.com.

Issue description

Comment 1 by mmoroz@chromium.org, Feb 9 2017

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, May 18 2017

Comment 2 Deleted

Sign in to add a comment