March 6th, 2006
Google Page Creator security flaw?
You will notice an "auth" variable in the address bar after logging in to your Google Pages account — nothing too exciting right? Well, this could be a serious security problem just like the one Philipp Lenssen blogged about that affected Google Book Search. If you paste this entire URL into any browser (even if it’s not logged into your account) you are signed in automatically — no need for a password. Thankfully this trick doesn’t give you access to any other Google services or the "My Account" area.
I was thinking this may be a feature — a one time or time limited auth string that can be used to log into your account from different browsers or machines, but I’m not certain now that they have fixed the same "problem" in Google Book Search.
As a reminder, just be careful about the URL’s your copying or screenshots you are capturing if the URL has an "auth" variable in it — in some cases it can be just as useful as a password.
Garett Rogers is employed as a programmer for iQmetrix, which specializes in retail management software for the wireless industry.
See his full profile and disclosure of his industry affiliations.
Subscribe to Googling Google via Email alerts or RSS.
