Intology - Intelligent Technology News


Security flaw in Gmail turns it into spam machine

May 11th, 2008 by Kiyani



According to a report, INSERT, the Information Security Research Team, has found a “serious security flaw” in Gmail that turns it into a spamming machine.

They created a proof of concept that exploits the “trust hierarchy” that exists between mail service providers.
There is a 500-address limit on bulk email messages sent from Gmail, but by exploiting this flaw a spammer can send thousands of bulk e-mails through Google’s SMTP service.

By having Gmail’s servers relay messages on behalf of an attacker, this flaw compromises the very trust hierarchy that exists among email providers. As a result, all email providers that give Google’s SMTP servers any special level of trust (e.g. whitelist status) are vulnerable.

According to INSERT’s report:

In this regard, this document presents a vulnerability report and a proof of concept attack that demonstrate how anyone with no special internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail Account in order to be granted nearly unrestricted access to Google’s massive white-listed SMTP relay infrastructure.

It also notes that no extraordinary Internet expertise is necessary to exploit the flaw.


