
Researchers have discovered a bug in Issue Tracker, Google's bug tracking platform, which could have given hackers access to the company's internal systems. Issue Tracker, which Google staff call Buganizer internally, is a tool used to track bugs. It is also used by external public and partner users who need to collaborate with Google teams on specific projects. Alex Birsan, the security researcher who discovered the vulnerabilities, said that he found several, one of which was critical and allowed him to access Google's internal system. This critical vulnerability could help hackers obtain details of every vulnerability reported to Google by users.

Birsan found the bug while checking how Issue Tracker behaves when a bug is reported. He noticed something suspicious and understood that he needed a @google.com email address to get any further. Usually, Gmail does not allow anyone to create an email address at google.com. Birsan found a way to bypass this by creating a fake email address: if you did not click the confirmation link sent by Gmail, you were allowed to change the email address without any limitations. Using this method, Birsan changed the email address of his account to [email protected] and logged in to Issue Tracker with it. He was then redirected to Google's corporate login page, where his Google credentials were useless, but Birsan said the account could be used for other purposes elsewhere on the internet, such as access to Google's corporate taxi service.

When the bugs were examined closely, a flaw was found in the tracker feature that notifies about the progress of a piece of software, but apparently there were only translation-related conversations in it.

Birsan said that when he tested the Issue Tracker API, he found that he could receive all the details about a bug just by asking the API to remove a person or email address from the thread. There is an option for external researchers to remove themselves from the email list, but this mechanism had a problem: Google was not checking whether the user who asked to be removed had permission to access the issue. Birsan said that he noticed some oversights that could lead to a huge problem, which are given below:
  1. Improper access control: There was no explicit check that the current user actually had access to the issues specified in issueIds before attempting to perform the given action.
  2. Silent failure: If you provided an email address that was not currently in the CCs list, the endpoint would return a message stating the email had been removed successfully.
  3. Full issue details in response: If no errors occurred during the action, another part of the system assumed that the user had proper permissions. Thus, every single detail about the given issue ID would be returned in the HTTP response body.
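
The three oversights listed above, modelled as an added example (not code from this article, from Birsan, or from Google): a toy in-memory CC-removal handler that reproduces them, beside a hardened version. The `Issue` class, the `ISSUES` sample data, the function names and the status strings are all hypothetical.

```python
# Toy in-memory model; every name here is hypothetical, not Google's API.
from dataclasses import dataclass, field

@dataclass
class Issue:
    title: str
    viewers: set                      # users permitted to read the issue
    ccs: set = field(default_factory=set)

# Constructed sample data.
ISSUES = {
    101: Issue("Translation typo", {"ext@example.com"}, {"ext@example.com"}),
    202: Issue("Internal vuln report", {"staff@example.com"}, {"staff@example.com"}),
}

def remove_cc_vulnerable(user, issue_ids, email):
    """Reproduces the three oversights from the list above."""
    out = []
    for iid in issue_ids:
        issue = ISSUES[iid]           # 1. no check that `user` may access iid
        issue.ccs.discard(email)      # 2. an email not on the CC list still "succeeds"
        out.append({"id": iid, "status": "removed",   # 3. full details echoed back
                    "title": issue.title, "ccs": sorted(issue.ccs)})
    return out

def remove_cc_hardened(user, issue_ids, email):
    """Authorize first, report failures explicitly, return only the outcome."""
    out = []
    for iid in issue_ids:
        issue = ISSUES.get(iid)
        # Same answer for "no such issue" and "not permitted", so the
        # endpoint cannot be used to learn which issue IDs exist.
        if issue is None or user not in issue.viewers:
            out.append({"id": iid, "status": "not_found"})
        elif email not in issue.ccs:
            out.append({"id": iid, "status": "not_on_cc"})   # no silent success
        else:
            issue.ccs.remove(email)
            out.append({"id": iid, "status": "removed"})     # no issue body
    return out
```
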
All the bugs were reported to Google and were patched immediately. Birsan was awarded a total of $15,600 for reporting the bugs. "We appreciate Alex's report. We've patched the vulnerabilities that he reported, as well as their variants," a Google spokesperson said in an email statement.

About the Author
Ashique is a self-motivated and passionate security analyst with a good knowledge of computer networking, security analysis, vulnerability assessment and penetration testing.