Google search bug could be exploited by phishers

A bug in the Google Search Appliance used by many businesses to search their corporate information could be exploited in a phishing attack, security experts have warned.

The NIST.org security news website warned that a Cross-Site Scripting (XSS) vulnerability in the widely used search appliance affects “a lot of large websites, many that are ripe for phishing exploits”.

The flaw was first reported on a hackers’ website and relates to the use of UTF-7 character encoding to bypass special character input handling. Examples have “demonstrated vulnerabilities at some major websites, including large government sites, major universities, etc”, NIST.org said.
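The sketch below is an added example, not code from the article or from NIST.org. It shows why a filter that escapes literal `<`, `>`, `"` and `&` passes UTF-7 text unchanged, and how input can be checked for markup hidden in UTF-7 shifted blocks. The function names and the sample string are constructed for illustration, and the charset check reflects general practice rather than anything stated in the report.

```python
import base64
import html
import re

# UTF-7 (RFC 2152) shifted block: '+', modified base64 of UTF-16BE, optional '-'.
SHIFTED = re.compile(r"\+([A-Za-z0-9+/]+)-?")
MARKUP = set("<>\"'&")


def decode_shifted(block: str) -> str:
    """Decode the base64 body of one UTF-7 shifted block."""
    raw = base64.b64decode(block + "=" * (-len(block) % 4))
    raw = raw[: len(raw) - len(raw) % 2]  # drop a trailing partial code unit
    return raw.decode("utf-16-be", errors="replace")


def hidden_markup(value: str) -> list:
    """Return markup characters that appear only after UTF-7 decoding."""
    found = []
    for match in SHIFTED.finditer(value):
        try:
            decoded = decode_shifted(match.group(1))
        except ValueError:  # not valid base64, so not a shifted block
            continue
        found.extend(ch for ch in decoded if ch in MARKUP)
    return found


def charset_is_pinned(content_type: str) -> bool:
    """True if the response header declares a charset other than UTF-7."""
    m = re.search(r"charset=([\w-]+)", content_type, re.I)
    return bool(m) and m.group(1).lower() != "utf-7"


if __name__ == "__main__":
    # Constructed sample: a harmless bold tag written in UTF-7.
    sample = "+ADw-b+AD4-hello+ADw-/b+AD4-"
    print(html.escape(sample) == sample)  # the escaping filter changes nothing
    print(hidden_markup(sample))          # markup revealed by decoding
    print(hidden_markup("C++ and 1+1=2")) # ordinary '+' use is not flagged
    print(charset_is_pinned("text/html; charset=utf-8"))
```
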

The security website has reported the issue to the US Computer Emergency Readiness Team (US-CERT) and to one of the affected government bodies.

But it warned, “With so many financial institutions and government agencies using this appliance it is only a matter of time before this vulnerability is exploited in a large scale phishing attack.”
