Hacking Gmail accounts with password reset system vulnerability

Oren Hafif, a security researcher, has discovered a
critical vulnerability in the password reset process of Google accounts
that allows an attacker to hijack any account.
He managed to trick Google users into handing over their passwords via a
simple spear-phishing attack by leveraging a number of flaws, namely
cross-site request forgery (CSRF), cross-site scripting (XSS), and a
flow bypass. In[...]