Google Gmail/Calendar Security Flaw
Nov 28, 2006
by
0
I recently had some problems with the Google Calendar - and wanted users to be aware. This is what I sent to google to warn them of the security issue:
"I have been using google calendar with the login "myeemail@email.com" and my password.
I recently had a need to create a gmail account because my personal email was not functioning.
I created the gmail account with the username "newusername".
It asked me to associate a personal email and so I entered "myeemail@email.com"
Shortly thereafter I realized I couldn't get into my google calendar.
I repeatedly tried to login when I realized that by creating a gmail account and associating that email - it changed my google calendar username and gave my gmail account access to the calendar.
I consider this a security flaw, as anyone could have created a new gmail account, associated it with my email, and would have instantly had access to my google calendar.
Luckily - the individual creating the gmail account was me - so I figured out what happened. In addition, had it not been me, I would still be wondering why I couldn't access my calendar.
I hope this is valuable as other's may not be so lucky. For example, I could great new gmail accounts and guess emails to associate them with and get into other peoples google calendars, while at the same time changing their username.
Leave a comment
To leave a comment, please log in / sign up
RSS Feed
Facebook
Twitter
LinkedIn
YouTube