A researcher has uncovered protection holes in Google’s bug-tracking database that could have potentially evolved in malicious hackers accessing sensitive information, including details of condition to exploit unpatched vulnerabilities in Google products.Researcher Alex Birsan has identified how he managed to trick Google Issue Tracker (known internally to Google personnel as Buganizer) into granting him access to much more information than force normally be allowed to external parties.And the crux of the attack? Birsan establish a way to trick Google into registering a @google.com account for him, something normally sedate for the company’s employees.Normally Gmail prevents someone from spawning an account with a @google.com address, but Birsan found a workaround:
If I indicated up with any other fake email address, but failed to confirm the account by clicking on a interdependence couple received by email, I was allowed to change my email address without any limitations. Consuming this method, I changed the email of a fresh Google account to email@example.com.Although the illusory email address wasn’t enough to let Birsan past Google’s corporate login call for, it did grant him a number of other benefits – including what appeared to be access to Google’s corporate cab service, as well as deeper access into the company’s bug tracking process.In addition, the researcher found a way to remove the limited functionality normally in deposit for outside developers accessing Google’s Issue Tracker.Bugs in the organized whole could have helped unauthorised parties access details of every vulnerability study sent to Google, opening the door for exploitation before a fix is made close by.As Birsan explains, the consequences of a data breach could have been crucial:“There are about 2000–3000 issues per hour being opened during the charge hours in Mountain View, and only 0.1% of them are public. Have all the hallmarks like a data leak in this system would have a extremely big impact.”Thankfully, Birsan is one of the good guys – and informed Google responsibly of the vulnerabilities so that they could be make up promptly. For his efforts he was awarded a total of $15,600 in bounties.But you can’t help but characterize as that intelligence agencies and organised criminals would probably pull someones leg been prepared to pay far more for details of bugs in Google’s system of a piece with this, especially when you consider the value of the unpatched vulnerabilities and take advantage of code that could have spilled out as a result. Editor’s Note: The evaluations expressed in this guest author article are solely those of the contributor, and do not not reflect those of Tripwire, Inc.