[openssl-users] Fwd: CONGRATULATION____REF#87670
noloader at gmail.com
Mon Apr 4 16:08:56 UTC 2016
> And anyway, this seems to be a case where the genuine
> operator of an e-mail domain is failing to correctly
> authenticate submissions by their own users, which no
> amount of 3rd party automation (other than blacklisting
> the failing provider, in this case gmail) could stop.
Yeah, I'm guessing there was a vulnerability in one of the other
Google services, and that Google service was allowed to make web-based
email submissions on behalf of the user. Classic injection and failure
to validate sessions or parameters...
I'm also guessing Google fixed it because it has stopped.
More information about the openssl-users