Strange access bug to corporate google mail
Greetings
I will tell this story about my personal social hole in corporate google mail:
We have an e-mail address hung on Google Apps for Business. Corporate domain is also tied there. That is, we work as if with Google Mail, but in the corner of the left corporate logo. I screwed my work address via POP3 / SMTP to my private Google Mail so that you could work at home and send all the letters to one place.
The time has passed - I quit. It was necessary to finish some working conversations - I finished them already from home, but from a working address. And so, when I went to the settings of a private google post to screw in a new work address, what was my surprise when I saw the most terrible red alert about the fact that my old work mail account did not receive and did not send letters as 2 weeks because of the impossibility of login!
')
I went to see the details: indeed, robots do not lie, login attempts every hour, all the time AUTHERROR. And then it dawned on me that our ingenious admin from the old work, instead of deleting my account, just changed the password on it, hoping to find my correspondence with competitors, photos of a naked wife, children and pets. And Google, apparently, considered that the admin was a fool and should not be taken seriously, and continues to give me full access to the account via POP3 / SMTP.
How do you like it, dear? I, of course, understand that human stupidity is infinite, and Google cannot foresee everything. But the hole is still there, mostly social, but, as they say, access is granted;)
ps: I decided to add a little for clarity: this would theoretically be possible on the administrator’s explicit request, so that I could have access to my account for some time. But why did he then change the password without warning? It is in order that I did not have access. Here is the bug and it turns out.
I will tell this story about my personal social hole in corporate google mail:
We have an e-mail address hung on Google Apps for Business. Corporate domain is also tied there. That is, we work as if with Google Mail, but in the corner of the left corporate logo. I screwed my work address via POP3 / SMTP to my private Google Mail so that you could work at home and send all the letters to one place.
The time has passed - I quit. It was necessary to finish some working conversations - I finished them already from home, but from a working address. And so, when I went to the settings of a private google post to screw in a new work address, what was my surprise when I saw the most terrible red alert about the fact that my old work mail account did not receive and did not send letters as 2 weeks because of the impossibility of login!
')
I went to see the details: indeed, robots do not lie, login attempts every hour, all the time AUTHERROR. And then it dawned on me that our ingenious admin from the old work, instead of deleting my account, just changed the password on it, hoping to find my correspondence with competitors, photos of a naked wife, children and pets. And Google, apparently, considered that the admin was a fool and should not be taken seriously, and continues to give me full access to the account via POP3 / SMTP.
How do you like it, dear? I, of course, understand that human stupidity is infinite, and Google cannot foresee everything. But the hole is still there, mostly social, but, as they say, access is granted;)
ps: I decided to add a little for clarity: this would theoretically be possible on the administrator’s explicit request, so that I could have access to my account for some time. But why did he then change the password without warning? It is in order that I did not have access. Here is the bug and it turns out.
Source: https://habr.com/ru/post/143440/
All Articles