Major Security Hole Catching AuthTokens in the Wild The Insecurity of Google's ClientLogin Protocol


Brian Herman

May 18, 2011, 6:51:01 PM
to chicago-...@googlegroups.com
Google's ClientLogin protocol sends the user information in plaintext.
http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html
WTF Google?
Thanks,
Brian Herman

brianjherman.com
brian...@acm.org






Asten Rathbun

May 19, 2011, 12:33:30 PM
to chicago-...@googlegroups.com
Of course, they're already patching things on the server side to fix it. Security issues happen. What matters is how they're handled when they do.

--Asten








--
You received this message because you are subscribed to the Google Groups "Chicago Androids" group.
