Mercury: recovering forgotten passwords using personal devices
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
The author discusses a common Gmail vulnerability, cross-site request forgery. During the time a user is authenticated to an online application, such as Web mail, the user's browser can be coerced into making authenticated requests to the application on a third party's behalf. Using that, it's quite simple to hijack domains that don't belong to you.