xBORDER-LOGO-PLANET.png

NAME: XBO-GOBA1

P. Oldenburger @ xBORDER

API-OATH HACK, ZERO DAY VULNERABILITY FOUND IN GOOGLE

April 4, 2020, Amsterdam Netherlands

BUG NAME=

XBO-GOBA1 -  Google API OATH Authorization Bug, found on 4 April 2020.

 

6 April 2020,  Amsterdam Netherlands.

 

xBORDER NERD BO-X.iO BUG Analysts, # xBORDER Research team found a mayor authorization Bug in the Google Admin Application Softwaremrun on 13.4 OSX, Reset Password DIsabled Full Administrator Access to all underlying Nodes, Domains, and Admins.

 

This Bug can have a serious impact -- it can have major complications when Administrator Access / Super Admins are disabled to DomainReg, "DNS, MX, NAMES, A, AA"  Access. This can be resolved by rewriting the OATH access API in that Application.     See pictures for details. 

This is a config Error that can be used as a gate to full access of ALL google applications.

Restore of Original Values are virtually impossible due to WHOIS restrictions on google.domains, CNAME updates are virtually impossible due to non-access. this is a RE-LOOP Bu and could have a major impact.

P.Oldenburger

# NERD BO-X.iO @ xBORDER

 ! AN ODE {  xBORDER  }  - VOC-X "VALUE:  +10 } , VOC-X Crawlers deployed on this Oath bug can leech massive amounts of user data, company data.

 

FIRST REPORT 2 GOOGLE @4ARIL2020Google Cases ref: 2-6991000030256 Senior Google Specialists.

THE UNITED FEDERATION OF NERDS

BO-X.iO - xBORDERS BUG HUNTERS

 

BUG :XBO-GDB2

GOOGLE.DOMAINS LOGIN DEBUGGED

Bug found on 4 April 2020.

 

6 April 2020,  Amsterdam Netherlands.

 

Our Research team found a mayor Access & Authorization Bug @ Google, 

Gmail & Domain.google syn are non-compatible. G-mail, Gsuit re-access need CNAME implements, however Google.Domains is not acc. by login, This has mayor impact on Googlists that use the Gsuit & Google domain service. Access is imposible to recover. 

 

This Bug can have a serious impact because it can have major complications when Administrator Access / Super Admins are disabled to DomainReg, "DNS, MX, NAMES, A, AA"  Access. This can be resolved by rewriting the OATH access API in that Application oorn Seperating access control in Gsuite/Gmail and Domains. 

P.Oldenburger 2020

Amsterdam Netherlands.

 ! ANODE {  xBORDER  }  - VOC-X "VALUE:  +7 } ,

VOC-X Crawlers deployed on this Oath bug can Open Backdoor into Domain access.

Screenshot 2020-04-09 at 6.46.59 PM.png

MICROSOFT WINDOWS 

REGISTERY CORRUPTIONS

 

UNITED FEDERATION OF NERDS

UNITED FEDERATION OF NERDS