Google fixes latest Gmail vulnerability

Flaw could expose users' sensitive information

Steve Malone
13 Jan 2005

Google has fixed a potentially damaging vulnerability in its Web based Gmail email service. Gmail users risked exposing personal information to hackers when they sent out email according to the Unix community site HBX Networks.

The issue arose when Gmail read 'From:mynamehere@gmail.com' in a message. If the trailing '>' was missing, Gmail will continued to read on until it until it encountered one, which may have included sensitive information not intended for the recipient.

Whilst researching the flaw, the HBX investigators found that by clicking the 'Show options' link, the 'Reply To' field in the email header that GMail displayed someone's HTML-formatted email message.

Google has now said that the problem has been fixed. As the problem lay at the server level, users can rest assured that their data has been secured. However, the Gmail flaw is the latest in a series of embarrassing vulnerabilities found in Google software.

Read more about: