
Google Account Recovery Vulnerability



Global Main Authentication and Identification Library (GMAIL)

If I asked you to name the most sensitive feature (security-wise) in a web application, you would probably say – Login. Well, if your definition of "Login" does not include password recovery, then password recovery would definitely be the second one. This means that password recovery is often at the center of attention for attackers – and for security professionals.

So let's say you are using PayPal, Facebook or Twitter, and you forgot your password (shit happens, right?). They will ask you to put your email in a nice input box, and wait until you get a password recovery link. If you're using Gmail (hey, who are you trying to fool? – you are!), it is the tool you recover passwords with, for every other application out there. Did you ever stop and ask what GMAIL stands for? It's the Global Main Authentication and Identification Library. Seriously, if someone got access to your Gmail account, he can "password recover" his way to any other web/mobile application out there (!). More about this can be seen in a video by "security researcher" Don Friesen: http://www.youtube.com/watch?v=2tJ-NSPES9Y

What about the password recovery of your Gmail account? It's the password recovery for all the other password recoveries. According to the security jargon, it is a Mega-mega-mega-mega-password-recovery. A lot of nasty hackers out there would love to find some holes in this fortress; that's why I decided to take a quick look at it.



Much more here: Oren Hafif, http://www.orenh.com/2013/11/google-account-recovery-vulnerability.html
