|
|
|
|
|
|
by switchupcb
1263 days ago
|
|
|
I submitted a similar issue regarding Google Drive folders. I don't think submitting this issue will earn OP any money as a "significant security vulnerability": In other words, Google will not consider this a significant security vulnerability. > While our highest-impact services (e.g., Google Wallet, Gmail) are designed to make cookies expire very shortly after the user logs out, we believe that most potential exploitation vectors for this behavior fall outside the security model of modern browsers and operating systems, and can't be meaningfully mitigated by any single website. > Check this link for more info: https://sites.google.com/site/bughunteruniversity/nonvuln/co... Note: The issue I submitted was related to revoking all sessions (authentication) as well. |
|
|
I don't think OP wants to claim a bounty (and anyway, probably doesn't have the details needed), OP just wants the issue fixed. Getting the issue looked at by someome who cares is more likely in the bounty program than through google customer support, because bug bounty triagers need to be empowered to communicate with people empowered to fix issues and google customer support isn't so empowered.
In a good customer service organization, an issue like this should get escalated, but that's not the reality at google, and not at too many other places either.