SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#378688

Google Reader cross-site request forgery vulnerability

Overview

Google Reader is vulnerable to a persistent cross-site request forgery attack that may be exploited by a specially crafted RSS feed.

I. Description

Google Reader is an online RSS feed reader. It can display text and images when displaying RSS feeds.

Google Reader contains a cross-site request forgery (XSRF) vulnerability that could be used to prevent a user from logging on to the service.

The Google Reader logoff button can be represented as a hyperlink. An attacker may be able to execute this link by supplying it as an image source in a malicious RSS feed. Once a user subscribes to the RSS feed, they will be unable to login to their Google Reader account.

Note that an attacker would have to convince a user to load a malicious RSS feed to exploit this vulnerability.

II. Impact

A remote unauthenticated attacker may be able to prevent a user from logging in to Google Reader.

III. Solution

We are currently unaware of a practical solution to this problem, however the following workarounds may help mitigate the vulnerability.

Do not load images from third party sites

Preventing third party sites from loading images in your web browser may mitigate this vulnerability. See the references section of this document for information on how to block images in specific browsers.

Systems Affected

VendorStatusDate Updated
GoogleVulnerable18-Apr-2007

References


http://reader.google.com
http://www.gnucitizen.org/blog/persistent-csrf-and-the-hotlink-hell/
http://www.microsoft.com/enable/training/ie6/pictures.aspx
http://kb.mozillazine.org/Permissions.default.image
http://michaeldaw.org/papers/hotlink_persistent_csrf
http://en.wikipedia.org/wiki/Cross-site_request_forgery

Credit

This issue was reported on the GNUCITIZEN blog.

This document was written by Ryan Giobbi.

Other Information

Date Public04/16/2007
Date First Published04/18/2007 12:06:54 PM
Date Last Updated09/12/2007
CERT Advisory 
CVE-ID(s) 
NVD-ID(s) 
US-CERT Technical Alerts 
Metric0.84
Document Revision6

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader