Google isn’t serious about this bug which can hack your passwords

A cyber security researcher has found that the Google login page can be used to steal important user login credentials, including passwords. What’s worse, Google isn’t paying due attention to the issue.

Aidan Woods published a detailed blog post titled “Google faulty login page”, in which he disclosed the exploitable security bug and described his correspondence with Google. In the post, he said that he submitted the bug report to the Google security team but that the response wasn’t encouraging.

Woods explained that the Google login page can be abused by adding a parameter, “Continue”, that redirects the user to any other URL starting with the Google domain name (google.com). In other words, a user can be shown a genuine Google login page and then redirected to another website. This flaw can be used to gather important personal information.

In one scenario, after the Google login page, the user can be sent to another Google-looking page that says ‘Incorrect Password’ and asks them to retype it. An open redirect of the form https://www.google.com/amp/[any_domain_here] can be specified to redirect the user to any_domain_here.
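The following added example (not from this article or from Woods's post) shows, from the defender's side, why a redirect check that only looks at the host accepts the pattern above, and a stricter check that also refuses forwarding paths on the trusted host. The allowlist, the `/amp/` prefix list, the function names and the sample login path are assumptions made for illustration.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed allowlist of hosts a post-login redirect may point to.
ALLOWED_HOSTS = {"www.google.com", "accounts.google.com"}
# Assumed list of path prefixes on those hosts that forward to other sites.
FORWARDING_PREFIXES = ("/amp/",)


def host_only_check(target: str) -> bool:
    """The check the article describes: accept any https URL on a trusted host."""
    parts = urlsplit(target)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def strict_check(target: str) -> bool:
    """Host check plus refusal of paths that bounce the user to another site."""
    if not host_only_check(target):
        return False
    # Decode and normalise the path so "/x/../amp/..." or "//amp/..." still match.
    raw = posixpath.normpath(unquote(urlsplit(target).path))
    path = "/" + raw.lstrip("/").lower() + "/"
    return not any(path.startswith(prefix) for prefix in FORWARDING_PREFIXES)


def audit_login_link(link: str) -> str:
    """Classify a login link by its redirect target: ok, forwarder or offsite."""
    params = {k.lower(): v for k, v in parse_qs(urlsplit(link).query).items()}
    targets = params.get("continue", [])
    if not targets:
        return "ok"
    if not host_only_check(targets[0]):
        return "offsite"
    return "ok" if strict_check(targets[0]) else "forwarder"


# Constructed sample links; example.org stands in for [any_domain_here].
LOGIN = "https://accounts.google.com/ServiceLogin?continue="
SAMPLES = [
    LOGIN + "https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dtest",
    LOGIN + "https%3A%2F%2Fwww.google.com%2Famp%2Fexample.org",
    LOGIN + "https%3A%2F%2Fexample.org%2F",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_login_link(sample), sample)
```

A mail gateway or proxy rule could apply the same classification to links in inbound messages and flag the `forwarder` case for review.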

Although it is evident that the flaw can be combined with social engineering to prove very harmful, it failed to win Google’s interest. Karshan, a Google employee, described the flaw as being of “very little practical risk”. After that, Woods published the bug summary to get Google’s attention and warn the general public.

The flaw hasn’t been addressed yet, and we recommend that you check the URL before entering any login credentials. Users should also be cautious before clicking on any links they cannot verify.

You can read the detailed disclosure and correspondence here.

Muneeb Ahmad

I love to talk about global tech-happenings, startups, industry, education and economy. Get in touch: muneeb@techjuice.pk.

