Issue 797158 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Dec 2017
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Changing Admin User For GSuite Registered Domain Does Not Update 2FA

Reported by mark.whe...@opskins.com, Dec 22 2017

Issue description


VULNERABILITY DETAILS
After updating the admin user on a domain registered through GSuite, after the domain was acquired, the 2FA associated with the original owners email was still tied to the account when attempting to log into the DNS control panel.

Not updating the user could potentially lead to vulnerability if a domain is sold / acquired.

VERSION

GSuite

REPRODUCTION CASE
Register domain through GSuite. Update the GSuite user's email account and password. The DNS panel admin will not be updated with it.

Comment 1 by elawrence@chromium.org, Dec 22 2017

Status: WontFix (was: Unconfirmed)

Thanks for the report. Unfortunately, this bug tracker tracks only security vulnerabilities in the Google Chrome web browser. To report issues with other products, please see https://www.google.com/about/appsecurity/reward-program/

Project Member

Comment 2 by sheriffbot@chromium.org, Mar 31 2018

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 797158 link

Issue metadata

Security: Changing Admin User For GSuite Registered Domain Does Not Update 2FA

Issue description

Comment 1 by elawrence@chromium.org, Dec 22 2017

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Mar 31 2018

Comment 2 Deleted

Sign in to add a comment