Categories: News

Google isn’t serious about this bug which can hack your passwords

A cyber security researcher has found that the Google login page can be used to steal important user login credentials including the passwords. What’s worst is that Google isn’t paying due heed to the subject.

Aidan Woods published a detailed blog post titled as “Google faulty login page“, in which he disclosed the exploitable security bug and highlighted his correspondence with Google. In the blog, he mentioned that he submitted the bug report to the Google security team but the response wasn’t quite encouraging.

Woods mentioned that the Google login page can be maltreated by adding a parameter “Continue”, such that it could redirect the user to any other URL starting with the Google domain name (google.com). In other words, a user can be tricked with an original Google login page before he is redirected to any other website. This flaw can be used to gather important personal information.

In a particular case, after the Google login page, a user can be spoofed to another Google looking page which could say ‘Incorrect Password’ and ask you for the retype. An open redirect patterned like https://www.google.com/amp/[any_domain_here] can be specified to redirect the user to the any_domain_here.

Although it is evident that the flaw can be socially engineered to prove very harmful, it failed to get any of the Google’s likings. Karshan, a Google employee, termed the flaw as of “very little practical risk”. After that Woods published the bug summary to get Google’s attention and warn the general public.

The flaw hasn’t been addressed yet and we recommend that you should check the URL before entering any login credentials. Users should also act cautiously before clicking on any links they deem non-verified.

You can read the detailed disclosure and correspondence here.

Sponsored
Muneeb Ahmad

I love to talk about global tech-happenings, startups, industry, education and economy. Get in touch: muneeb@techjuice.pk.

Share
Published by
Muneeb Ahmad
Tags: Googleslider

Recent Posts

Rumors Indicate iPhone 17 May Feature Unconventional Camera Design

Apple is reportedly preparing for a significant design overhaul with its iPhone 17 series, blending…

5 hours ago

First AI-Powered Teacher Launched in Pakistan’s Private School

Karachi: A private school in Karachi has unveiled Pakistan’s first AI-powered teacher, a groundbreaking move…

6 hours ago

Yahoo Surprises Users with Its Latest Android Launcher

Third-party apps have long been a staple of the Android ecosystem, but their appeal has…

7 hours ago

Phase-II Review of PTCL-Telenor Deal Finalized by CCP

ISLAMABAD: The Competition Commission of Pakistan (CCP) has completed its Phase-II review of Pakistan Telecommunication…

7 hours ago

Xiaomi’s SU7 Achieves New Production Record, Driving Q3 Growth

Xiaomi has shattered records by producing 100,000 vehicles in just 230 days. This is nearly…

9 hours ago

Teachers Can Now Access OpenAI’s Free AI Course

OpenAI, in collaboration with nonprofit organization Common Sense Media, announced on Wednesday the launch of…

10 hours ago