A GMail user named Ahmed Motaz reported a possible security flaw in the Google’s upcoming emailing service GMail. The problem is related to the ‘CheckAvailability’ which can be misused to attain user information of a new user who is trying to register for the much hyped email service.
The flaw is: a remote user can invoke the ‘/accounts/CheckAvailability’ script on the GMail servers repeatedly to cause the system to show information which is indeed related to any other user. the information disclosed is the first name, last name and the desired GMail id. So the problem might not be as catastrophic as lets say attaining someone else’s social security number or a credit card number. But a bug is a bug and it is after all related to user’s privacy.
Google is aware of the problem and should be able to fix the problem soon. It is however worth noticing that GMail is still in beta stage and these are the kind of bugs that Google would like to sort out before releasing the final product to the users world wide.
Primary Source: Security Tracker
Vote for this post : 0
or Buzz it at Yahoo :
Comments
4 responses so far ↓
phentermine on Dec 27, 2004 at 10:00 am
I admire you on the willingness to share this info with others - good luck!
phentermine on Jan 14, 2005 at 1:38 am
Hi, just surfed in. I enjoyed looking around your web site. This site has been very useful to me so far and I have barely scrathed the surface of it.
online poker on Jan 16, 2005 at 7:56 am
Nice! We truly liked this work .
viagra on Jan 16, 2005 at 11:41 am
just a quick hello and congratulations to your nice website ! i’ll visit you again!
Leave a Comment