Issue metadata
Sign in to add a comment
|
Security: Allow google sign in with and without "."
Reported by
swanand....@gmail.com,
Aug 1
|
||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS I have id called "swanand.mehta94@gmail.com" if i choose to login with valid password it will let me through however if i change Id to "swanandmehta94@gmail.com" (Missing ".") and logged in with valid password it will still let me through In outcome swanand.mehta94@gmail.com and swanandmehta94@gmail.com are two different Id yet they are considered to be the same VERSION Chrome Version: [ 67.0.3396.99 (64-bit)] + [stable] Operating System: [Windows 8.1, version, and service pack level] REPRODUCTION CASE 1. Create account something like "XXXXX.YYYY@gmail.com" 2. Try to login using valid password with login id "XXXXX.YYYY@gmail.com" 3. Logout 4. Try to login using valid password with login id "XXXXXYYYY@gmail.com" (Without dot) FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: - Crash State: - Client ID (if relevant): -
,
Aug 1
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by palmer@chromium.org
, Aug 1