Short Summary
The video discusses a security flaw in Gmail that allowed users to reset anyone’s password by manipulating cookies. Through this method, one could bypass the standard security questions required for a password reset.
Key Points
- A vulnerability in Gmail enabled password resets based on cookie history.
- If a user had a past session cookie, the process for resetting their password was simplified.
- The speaker, Joseph, created fake cookies to exploit this vulnerability.
- Users could reset passwords even if they provided incorrect answers to security questions.
- This bug was particularly problematic for accounts not using two-step verification.
- The exploit demonstrated the heavy reliance of Gmail’s security on cookies during that period.
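The key points above describe a recovery flow that treated a client-supplied cookie as proof of a prior session. As an added example (not code from the video or from Google), this sketch shows one defensive pattern: the server only accepts a device cookie it can authenticate with an HMAC and that is bound to the account being recovered, and the cookie never substitutes for the knowledge check. All names, the cookie layout and the 90-day window are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a secret held only by the hypothetical recovery service.
SERVER_KEY = secrets.token_bytes(32)
MAX_AGE = 90 * 24 * 3600  # constructed policy: cookie is evidence for 90 days


def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_device_cookie(account, now=None):
    """Minted only after a full, successful login for `account`."""
    if "|" in account:
        raise ValueError("separator not allowed in account name")
    issued = int(time.time() if now is None else now)
    payload = f"{account}|{issued}|{secrets.token_hex(8)}"
    return f"{payload}|{_tag(payload)}"


def cookie_is_evidence(cookie, account, now=None):
    """True only if this server minted the cookie for this account, recently."""
    now = time.time() if now is None else now
    parts = (cookie or "").split("|")
    if len(parts) != 4:
        return False
    acct, issued, nonce, tag = parts
    expected = _tag(f"{acct}|{issued}|{nonce}")
    # Authenticate first; a client-made cookie fails here without the key.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    # Bind to the account under recovery, then enforce freshness.
    if acct != account:
        return False
    return 0 <= now - int(issued) <= MAX_AGE


def recovery_allowed(cookie, account, answers_correct, now=None):
    """The cookie is one extra signal; wrong answers still fail the reset."""
    return bool(answers_correct) and cookie_is_evidence(cookie, account, now)
```
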
YouTube Video: https://www.youtube.com/watch?v=aLPgTSWTpDE
YouTube Channel: Jack Rhysider
Video Published: 2024-12-26T02:30:01+00:00