
Issue 765984


Issue metadata

Status: WontFix
Owner: ----
Closed: Sep 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: Business Logic Bug

Reported by unmesh.j...@gmail.com, Sep 17 2017

Issue description

1) Logged in as user "unmesh.jore@gmail.com" and downloaded a plugin called crypto email from the link https://chrome.google.com/webstore/detail/cryptup-encrypt-gmail-wit/bnjglocicdkmhmoohhfkfkbbkejdhdgc?hl=en
2) After installing the plugin, the link was chrome-extension://bnjglocicdkmhmoohhfkfkbbkejdhdgc/chrome/settings/setup.htm?account_email=unmesh.jore%40gmail.com
The request goes as a GET.
3) I just changed the user from "unmesh.jore%40gmail.com" to "umesh.jore143@gmail.com"; the request was accepted by the Google server.
4) Without being logged in as user "umesh.jore143@gmail.com", I was able to encrypt the mails for "umesh.jore143@gmail.com". If the pass phrase is correct, I would be able to encrypt the email of an unauthorized user, i.e. "umesh.jore143@gmail.com".
5) Note: a PoC has been attached. It's a business logic flaw. One user should not be allowed to encrypt the mail of another user.
 
Attachment: google bug.zip (423 KB)

Comment 1 by mea...@chromium.org, Sep 17 2017

Status: WontFix (was: Unconfirmed)
Thanks for the report.

Google doesn't own or maintain the extension in your link so unfortunately there isn't much we can do here. Please contact the extension developer. 
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 25 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
