Akash Jung Basnet, a 24-year-old Nepali youth, has discovered security vulnerabilities in Google.
Aakash discovered the weaknesses in the Wedge.com domain, a site acquired by Google. The password reset link could be leaked through the Referer header in requests to a third-party site.
For example, if someone forgets their password and wants to reset it, they receive an email when they request the reset.
Clicking the password recovery link in that email brings up a form for entering and confirming a new password. But the credentials leak through the Referer header without going to the server of the related site.
As a result, the password token is leaked, and whoever controls the third-party site could completely compromise the user's account, said Akash.
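Whether the reset token reaches a third party depends on the Referrer-Policy in force on the reset page. The following Python is an added example, not code from the article or from Google: it computes the Referer a browser would send under each policy value and lists the third-party requests that would carry the token. The URLs, the `token` parameter name and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

def origin(url):
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}"

def referer_sent(page_url, target_url, policy):
    """Referer a browser sends from page_url to target_url under a
    Referrer-Policy value, or None when the header is omitted."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    full = page._replace(fragment="").geturl()  # fragment is never sent
    org = origin(page_url) + "/"
    same = origin(page_url) == origin(target_url)
    downgrade = page.scheme == "https" and target.scheme != "https"
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "origin":
        return org
    if policy == "same-origin":
        return full if same else None
    if policy == "origin-when-cross-origin":
        return full if same else org
    if policy not in ("no-referrer-when-downgrade", "strict-origin",
                      "strict-origin-when-cross-origin"):
        raise ValueError(f"unknown Referrer-Policy: {policy}")
    if downgrade:  # these three policies drop the header on HTTPS -> HTTP
        return None
    if policy == "no-referrer-when-downgrade":
        return full
    if policy == "strict-origin":
        return org
    return full if same else org  # strict-origin-when-cross-origin

def leaking_requests(page_url, resource_urls, policy, param="token"):
    """Third-party resource URLs that would receive the reset token."""
    hits = []
    for res in resource_urls:
        ref = referer_sent(page_url, res, policy)
        cross = origin(res) != origin(page_url)
        if cross and ref and param in parse_qs(urlsplit(ref).query):
            hits.append(res)
    return hits

# Constructed sample: reset page URL and the resources its HTML loads.
RESET_PAGE = "https://app.example/reset?token=CONSTRUCTED-123#form"
RESOURCES = ["https://app.example/static/app.js",
             "https://analytics.thirdparty.example/t.js"]
```

Sending `Referrer-Policy: no-referrer` (or `strict-origin`) on the reset page keeps the token out of cross-origin requests regardless of the browser's default.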
Aakash reported the bug to Google 12 days ago. Google validated his bug report on Friday and awarded him a Hall of Fame listing along with a bounty reward.
Aakash did not want to disclose the amount of the bounty reward.
Akash is currently working in the IT department of the Ministry of Law, Justice, and Parliamentary Affairs.
Basnet, who has been involved in ethical hacking for several years, has so far received Hall of Fame recognition from Google, Microsoft, Apple, BBC, Nokia, and others.
He has also received acclaim from Lenovo, Intel, McAfee Antivirus, Harvard University, Cambridge University, Huawei, Asset Antivirus, and others.
