[Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)

Tue Jun 22 12:37:55 BST 2004

Hallo QoDS,

* QoDS ec <QoDSec at gmail.com> [2004-06-22 13:22]:
> for example consider the following invite link:
> http://gmail.google.com/gmail/a-da020f8475-a200b150b3
> 
> if you change it to the following:
> http://gmail.google.com/gmail/a-da020f8435-a200b150b3
>                                             ^^^^^^^^^^^^^
>                                          Any of the following digits
> could change
> you will be automatically logged out and as it seems you will have the
> login name of the email of the person who did the invitation.
> 
> Not sure if there is anything evil you could do about it but just a
> minor bug that should be fixed.

and the login at this point doesnt works correctly.
ia am not able to login at this stage.
is it only my problem?
regards nico
-- 
Nico Golde - 310777820 at ICQ
nico at ngolde.de | nion at gmx.net | http://www.ngolde.de
GPG: FF46 E565 5CC1 E2E5 3F69  C739 1D87 E549 7364 7CFF
Is there life after /sbin/halt -p?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040622/84b78c2a/attachment.bin 