A cyber security researcher has found that the Google login page can be used to steal important user login credentials including the passwords. What’s worst is that Google isn’t paying due heed to the subject.
Aidan Woods published a detailed blog post titled as “Google faulty login page“, in which he disclosed the exploitable security bug and highlighted his correspondence with Google. In the blog, he mentioned that he submitted the bug report to the Google security team but the response wasn’t quite encouraging.
Woods mentioned that the Google login page can be maltreated by adding a parameter “Continue”, such that it could redirect the user to any other URL starting with the Google domain name (google.com). In other words, a user can be tricked with an original Google login page before he is redirected to any other website. This flaw can be used to gather important personal information.
In a particular case, after the Google login page, a user can be spoofed to another Google looking page which could say ‘Incorrect Password’ and ask you for the retype. An open redirect patterned like https://www.google.com/amp/[any_domain_here] can be specified to redirect the user to the any_domain_here.
Although it is evident that the flaw can be socially engineered to prove very harmful, it failed to get any of the Google’s likings. Karshan, a Google employee, termed the flaw as of “very little practical risk”. After that Woods published the bug summary to get Google’s attention and warn the general public.
The flaw hasn’t been addressed yet and we recommend that you should check the URL before entering any login credentials. Users should also act cautiously before clicking on any links they deem non-verified.
You can read the detailed disclosure and correspondence here.
Apple is reportedly preparing for a significant design overhaul with its iPhone 17 series, blending…
Karachi: A private school in Karachi has unveiled Pakistan’s first AI-powered teacher, a groundbreaking move…
Third-party apps have long been a staple of the Android ecosystem, but their appeal has…
ISLAMABAD: The Competition Commission of Pakistan (CCP) has completed its Phase-II review of Pakistan Telecommunication…
Xiaomi has shattered records by producing 100,000 vehicles in just 230 days. This is nearly…
OpenAI, in collaboration with nonprofit organization Common Sense Media, announced on Wednesday the launch of…