Password Autofill enables changing account passwords without knowledge of old password
Reported by abinthom...@gmail.com, Mar 20 2018
Issue description

This template is ONLY for reporting security bugs. If you are reporting a Download Protection Bypass bug, please use the "Security - Download Protection" template. For all other reports, please use a different template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs: https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely deployed.

VULNERABILITY DETAILS

ANYONE CAN LOG IN TO ANY GOOGLE ACCOUNT USING THE FORGOT PASSWORD LINK ->EVEN IF THEY ARE LOGGED OUT<- AND change password SO real USER cannot LOG IN LATER
(https://accounts.google.com/signin/v2/challenge/pwd?hl=en&passive=true&continue=https%3A%2F%2Fwww.google.co.in%2Fwebhp%3Fei%3Dx8GvWoLuLMqCvQSP3oTIAg%26yv%3D2%26rct%3Dj&flowName=GlifWebSignIn&flowEntry=AddSession&cid=1&TL=AHnYQLxsfrATj3lFWawDrfg-SH1fSt_5vydRJ5GXZklu90kxd1-5I7W3Pz1Fg_RCY5HeWHPhcAvbhR0TKLLC4pOytPgPhmw5PeZFYdVi0CjROTVxCve8c70HwJgNvnGZIaoLgNBLgFObUCChWU6uO9bRbfcx5UzSxA&navigationDirection=forward)

HOW?
-------

====================
PRE-CONDITIONS (IMPORTANT)
====================
->ONE USER USES ANY SYSTEM (ANY OS/BROWSERS) TO LOG IN USING THEIR EMAIL AND PASSWORD
->LATER HE LOGGED OUT
USING THE FORGOT PASSWORD OPTION ONE CAN JUST SIMPLY change his/her password
[think that he/she is using a private/public internet cafe or an anonymous person's PC or tab for an emergency]

CRITICAL-POINT
--------------
->user accidentally clicks on save password (I know anyone can use the saved key to log in later, but that is not what I am trying to say; I found an alternative way for a different situation)
->so user is logged out
->now we use the forgot password link to try to change his/her password using the following steps:

STEP1: {NOW A PAGE SAYING "ENTER THE LAST PASSWORD YOU REMEMBER USING WITH THIS GOOGLE ACCOUNT"}
STEP2: {SINCE COOKIE AUTO FILLS "ENTER LAST PASSWORD" FIELD. NOTE: WE CANNOT READ CURRENT PASSWORD SINCE IT APPEARS LIKE ......}
STEP3: CLICK NEXT. WE GET A MESSAGE SUCCESS AND A MESSAGE "YOU CAN CONTINUE OR STILL YOU NEED TO CHANGE PASSWORD" AND A CONTINUE BUTTON AND A CHANGE PASSWORD OPTION
STEP4: CLICK CHANGE-PASSWORD BUTTON, A PAGE WITH NEW PASSWORD AND CONFIRM PASSWORD WILL BE DISPLAYED (HERE NOTE THAT GOOGLE IS NOT ASKING FOR CURRENT PASSWORD (MANUALLY TO TYPE))
STEP5: YOU ENTER YOUR NEW PASSWORD AND LOG IN USING NEW PASSWORD WITHOUT KNOWING REAL PASSWORD
->HERE REAL USER CANNOT USE HIS OR HER ACCOUNT ANY MORE->

SOLUTION:
==========
NEED AN EXTRA FIELD FOR MANUALLY ENTERING CURRENT PASSWORD (NOT FROM COOKIES)

I THINK YOU UNDERSTAND WHAT I AM TRYING TO EXPLAIN
HOPE YOU WILL RESOLVE IT IMMEDIATELY
CONTACT ME (INDIA) 9745659537, 8281177780

VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev]
Operating System: [Please indicate OS, version, and service pack level]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE make the file as small as possible and remove any content not required to demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers, exception record]
Client ID (if relevant): [see link above]

Jun 26 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by elawrence@chromium.org, Mar 20 2018
Status: WontFix (was: Unconfirmed)
Summary: Password Autofill enables changing account passwords without knowledge of old password (was: LOGED-OUT BT CAN CHANGE PASSWORD)