X
Business
Home Business Companies Google

Google Page Creator security flaw?

You will notice an "auth" variable in the address bar after logging in to your Google Pages account -- nothing too exciting right?  Well, this could be a serious security problem just like the one Philipp Lenssen blogged about that affected Google Book Search.
Written by Garett Rogers, Inactive

You will notice an "auth" variable in the address bar after logging in to your Google Pages account -- nothing too exciting right?  Well, this could be a serious security problem just like the one Philipp Lenssen blogged about that affected Google Book Search.  If you paste this entire URL into any browser (even if it's not logged into your account) you are signed in automatically -- no need for a password.  Thankfully this trick doesn't give you access to any other Google services or the "My Account" area.

I was thinking this may be a feature -- a one time or time limited auth string that can be used to log into your account from different browsers or machines, but I'm not certain now that they have fixed the same "problem" in Google Book Search.

As a reminder, just be careful about the URL's your copying or screenshots you are capturing if the URL has an "auth" variable in it -- in some cases it can be just as useful as a password.

 

Editorial standards
Show Comments

Related

Private space Android 15

Android 15 unveiled: Here are 8 exciting (or handy) features coming to your phone

Hackbat

Meet Hackbat: An open-source, more powerful Flipper Zero alternative

Google's app security settings for Android

Here are the top five Android 15 features I love the most