Serious security flaw discovered on Gmail

According to the assessment, this security hole is classified as extremely serious and can help hackers take over all rights to use a user's Gmail mailbox.

According to the latest discovery, a group of security researchers in Pakistan have found a new security vulnerability in Gmail, which can help hackers easily attack and take over all rights to use users' mailboxes.

The newly discovered security flaw involves the way Google connects a primary Gmail address to another email address that a user specifies and uses for email forwarding purposes.

According to the explanation from Ahmed Mehtab, the student who discovered the above security hole, if he knows the second email address that the user has linked to the intended Gmail address, the hacker can trick Gmail by letting the service send a confirmation email to any address.

This serious security flaw could allow hackers to take over any user's Gmail inbox.

More specifically, when an attacker attempts to verify ownership of an email address, Google will respond by sending an email to the address. However, if the address does not exist or cannot receive emails from Google, the response will of course be returned to Google and the attacker will of course receive a notification email from Google. It is worth noting that the information that Google sends back to the hacker accidentally reveals the user's authentication code and the bad guy can take advantage of the email address ownership certificate and can use this email to send emails as usual.

Through this security hole, bad guys can steal Gmail user information by forwarding emails from the victim's account to an unauthenticated account. Not stopping there, the victim is also at risk of losing everything if the SMTP server is offline, the email does not exist, cannot be found, or the recipient exists but has blocked the sender.

According to PCWorld