New Google Mail Security Vulnerability Emerges

Martin Brinkmann
Nov 24, 2008
Updated • May 2, 2012
Email, Gmail, Security

News about domain hijackings came to light in the last weeks. The commonality was that all victims were using Google Mail as the primary email address of their websites. Yesterday a proof of concept for a Gmail security flaw was posted at the Geek Condition blog which explains how the attacker was able to hijack the domain names.

The attacker basically set filters in Gmail to forward emails from the domain registrar to another email account. To ensure that the account owner would not notice the mails they were set to be deleted afterwards.

Most domain registrars offer web forms that can be used to retrieve account information. Godaddy for instance provides web forms to retrieve the username and reset the password of an account. They do send out emails to the primary email account. Those emails are however forwarded and deleted so that they can only be accessed by the attacker.

The two emails will contain the account's username and a new password which can be used to log into the account and initiate a domain transfer to another registrar.

The exploit makes use of a specially prepared website to steal the Google Mail cookie from the user to set the filter in an hidden iframe. This is why the account owners were never logged out of their account by the attacker. He never had physical access to the account. But the filter was enough to hijack the domains.

Gmail users should regularly check their Filters to make sure that none exist that have not been added by them. A better solution would be to retrieve the emails from a desktop email client like Thunderbird or Microsoft Outlook instead.No word yet from the Google Mail team about the vulnerability.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. GRTerrero said on November 26, 2008 at 2:47 pm

    You should let people know that there are several websites that are normally filtered out for deletion by Gmail. Those are safe to leave. Anyone reading this would run to check their GMail filter settings and delete those and be innundated with spam.

  2. Thinker said on November 25, 2008 at 2:29 pm

    Great ;] Don’t trust anyone in the web :)

  3. venkat said on November 25, 2008 at 8:08 am

    This is really scary news for Gmail users ,now neither email accounts are safe nor Domains .

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.