Hackers discover way to access Google accounts without a password::‘Exploit enables continuous access to Google services, even after a user’s password is reset,’ researcher warns

  • Lojcs@lemm.ee
    link
    fedilink
    English
    arrow-up
    58
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I would guess they invalidate all sessions when password is reset, that part is weird.

    Edit: read the thing. The exploit is that they steal some special token chrome stores and by manipulating it they can generate session cookies for the hijacked account. This doesn’t seem related to ltt