Google's high profile webmail service, Gmail, is vulnerable to a security exploit that might allow hackers full access to a user's email account simply by knowing the user name, according to reports. The security flaw allows full access to users' accounts, with no need of a password, Israeli news site Nana says.
Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed. Following up a tip from an Israeli hacker, journos from the site confirmed the attack and verified the exploit with local security firm Aladdin Knowledge Systems.
News source: The Register