A bug in the Google Search Appliance used by many businesses to search their corporate information could be exploited in a phishing attack, security experts have warned.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The NIST.org security news website warned that a Cross-Site Scripting (XSS) vulnerability in the widely used search appliance affects “a lot of large websites, many that are ripe for phishing exploits”.
The flaw was first reported on a hackers’ website and relates to the use of UTF-7 character encoding to bypass special character input handling. Examples have “demonstrated vulnerabilities at some major websites, including large government sites, major universities, etc”, NIST.org said.
The security website has reported the issue to the US Computer Emergency Readiness Team (US-CERT) and to one of the affected government bodies.
But it warned, “With so many financial institutions and government agencies using this appliance it is only a matter of time before this vulnerability is exploited in a large scale phishing attack.”
Comment on this article: firstname.lastname@example.org