Categories: News

Google isn’t serious about this bug which can hack your passwords

A cyber security researcher has found that the Google login page can be used to steal important user login credentials including the passwords. What’s worst is that Google isn’t paying due heed to the subject.

Aidan Woods published a detailed blog post titled as “Google faulty login page“, in which he disclosed the exploitable security bug and highlighted his correspondence with Google. In the blog, he mentioned that he submitted the bug report to the Google security team but the response wasn’t quite encouraging.

Woods mentioned that the Google login page can be maltreated by adding a parameter “Continue”, such that it could redirect the user to any other URL starting with the Google domain name (google.com). In other words, a user can be tricked with an original Google login page before he is redirected to any other website. This flaw can be used to gather important personal information.

In a particular case, after the Google login page, a user can be spoofed to another Google looking page which could say ‘Incorrect Password’ and ask you for the retype. An open redirect patterned like https://www.google.com/amp/[any_domain_here] can be specified to redirect the user to the any_domain_here.

Although it is evident that the flaw can be socially engineered to prove very harmful, it failed to get any of the Google’s likings. Karshan, a Google employee, termed the flaw as of “very little practical risk”. After that Woods published the bug summary to get Google’s attention and warn the general public.

The flaw hasn’t been addressed yet and we recommend that you should check the URL before entering any login credentials. Users should also act cautiously before clicking on any links they deem non-verified.

You can read the detailed disclosure and correspondence here.

Sponsored
Muneeb Ahmad

I love to talk about global tech-happenings, startups, industry, education and economy. Get in touch: muneeb@techjuice.pk.

Share
Published by
Muneeb Ahmad
Tags: Googleslider

Recent Posts

Samsung Partners with Sapphire Electronics for Local Production in Pakistan

Sapphire Electronics (Pvt) Limited, a wholly owned subsidiary of Reliance Cotton Spinning Mills Limited, has…

2 hours ago

Apple iPhone 16 Pro Max vs Google Pixel 9 Pro XL ; Key Insights You Need to Know

Apple and Google, two tech giants, have designed their latest offerings to meet the needs…

2 hours ago

What’s New in iOS 18.2.1? Here’s What You Should Know

iOS 18.2 introduces thrilling new features like Visual Intelligence, Image Playground, and upgraded writing tools.…

3 hours ago

Federal Govt Official Urges ‘Less’ Internet Use, Only for Important Matters

On Sunday, Syed Sajid Mehdi, Pakistan's Parliamentary Secretary for the Cabinet Division, proposed a solution…

3 hours ago

Federal Government Announces December 25 as Public Holiday

ISLAMABAD: The federal government has declared December 25, 2024, as a public holiday to mark…

3 hours ago

Samsung Terminates Employees Over Galaxy S25 Ultra Images Leak

An early setback occurred for Samsung's much anticipated Galaxy S25 series when unauthorized photographs of…

4 hours ago