A GMail user named Ahmed Motaz reported a possible security flaw in the Google’s upcoming emailing service GMail. The problem is related to the ‘CheckAvailability’ which can be misused to attain user information of a new user who is trying to register for the much hyped email service.
The flaw is: a remote user can invoke the ‘/accounts/CheckAvailability’ script on the GMail servers repeatedly to cause the system to show information which is indeed related to any other user. the information disclosed is the first name, last name and the desired GMail id. So the problem might not be as catastrophic as lets say attaining someone else’s social security number or a credit card number. But a bug is a bug and it is after all related to user’s privacy.
Google is aware of the problem and should be able to fix the problem soon. It is however worth noticing that GMail is still in beta stage and these are the kind of bugs that Google would like to sort out before releasing the final product to the users world wide.
Primary Source: Security Tracker
