Hackers discover way to access Google accounts without a password

‘Exploit enables continuous access to Google services, even after a user’s password is reset,’ researcher warns

  • fatalicus
    11 months ago

    So it is session hijacking, something that has been known for a while?

    • @Cornelius_Wangenheim@lemmy.world
      11 months ago

      The main difference that makes this worse is that they can get persistence and maintain access even if the user resets their password (i.e. revoke session tokens). Hackers are usually limited to the fairly short lifetime of the session token (usually a few hours).