Google"s high profile webmail service, Gmail, is vulnerable to a security exploit that might allow hackers full access to a user"s email account simply by knowing the user name, according to reports. The security flaw allows full access to users" accounts, with no need of a password, Israeli news site Nana says.
Using a hex-encoded XSS link, the victim"s cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed. Following up a tip from an Israeli hacker, journos from the site confirmed the attack and verified the exploit with local security firm Aladdin Knowledge Systems.