Bug-hunter gets $5,000 for discovering ‘high-impact’ Gmail exploit
Google reports that it has fixed a bug in its password-reset system that would have allowed anyone able to spoof a reminder from Gmail to take over all of a user’s Google accounts and threaten any other accounts connected to them.
The “high impact” security hole was identified Nov. 21 by security auditor and penetration tester Oren Hafif, who was testing the password-reset process on Gmail.
From Raw Story