On Wed, Jan 21, 2015 at 2:26 PM, kevin mcsheehan <[email protected]> wrote:
> exploit title: full name disclosure information leak in google drive > software link: https://drive.google.com/drive/#my-drive > author: kevin mcsheehan > website: http://mcsheehan.com > email: [email protected] > date: 01/20/15 > > source: http://mcsheehan.com/?p=15 > > description: google drive leaks the full name of a target email address > when said email address is associated with an uploaded file. the full name > is displayed whether or not the target has made that information publicly > accessible by creating a google plus account. > I'm pretty sure Google doesn't consider this sort of thing a vulnerability. Here's their "it's not a bug" page for it: https://sites.google.com/site/bughunteruniversity/nonvuln/discover-your-name-based-on-e-mail-address Dan _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
