Google Vulnerability :: Email ID is set as Cookie Clear TEXT and Not Cleared on closing the browser

Posted on by

Email ID is set as Cookie Clear TEXT and Not Cleared on closing the browser

Risk Factor         : Medium (Why Medium please read below)

Reported Date : Feb 13th , 2012 ( Reported to Google Security Team )

To whom ?

TO ALL USERS AND ORGANIZATION ACROSS THE WORLD

  • Please request your users to click on “Logout” and not close the browser.
  • I am working with Google Security team and will let you know once this is fixed.

The following cookie is set as a persistent cookie.

Name : gmailchat

Value : email ID.

Environment :: For both regular users and also Google applications( Corporate accounts )

Description

  • An employee traveling checks his account at Airport closes the browser. Even though he closes the browser the cookie gmailchat is still present.
  • A user trying to access his account in a Internet station, checks his/her email and closes the browser. As the cookie is still present in the browsers, this can be stolen and leaves traces of his/her account in the browser.
  • Corporates/Enterprises might not want their email to be exposed when using gmail through cookies.

Steps to Reproduce the issue

Part 1
1. Clear all the cookies in Firefox
2. Sign-In to gmail ( http://gmail.com )
3. Close browser
4. Open a New Browser
5. Check the cookies and you will see you are not Logged-In and the cookie named gmailchat is present in the users browser. [ The Screenshot below will show you the same ]
Image

TO ALL USERS AND ORGANIZATION ACROSS THE WORLD

  • Please request your users to click on “Logout” and not close the browser.
  • I am working with Google Security team and will let you know once this is fixed.

Update ::1 Oct 24th 2012

The last i heard from them, they are still working on it and no ETA

3 thoughts on “Google Vulnerability :: Email ID is set as Cookie Clear TEXT and Not Cleared on closing the browser

  1. Yes this is a good catch. One of my friend checked her email in library she just closed the browser instead of logout. She is getting lot of junk emails. I thought where these guys got her email. I think this is the reason.

    Reply

  2. I can’t reproduce this. GMail deletes the cookie when I log out. Here’s the header.

    set-cookie:gmailchat=EXPIRED; Expires=Mon, 17-Dec-2012 01:09:51 GMT; Path=/mail/u/0; Secure

    Reply

  3. Paul,
    As stated above here are the steps to reproduce
    1. Login to gmail.com
    2. Close your browser ( Close all browsers )
    3. Open a new browser go to gmail.com
    4. You will get re-directed to the the login screen as you are logged out of gmail.
    5. Check your cookies look for gmailchat and it will still be there.

    Thanks, Nag

    Reply

Leave a comment