[aur-general] No confirmation link received

Menachem Moystoviz moystovi at g.jct.ac.il
Thu Sep 20 06:29:29 EDT 2012


On Thu, Sep 20, 2012 at 1:13 AM, Evangelos Foutras
<evangelos at foutrelis.com> wrote:
> On Thu, Sep 20, 2012 at 1:03 AM, Menachem Moystoviz
> <moystovi at g.jct.ac.il> wrote:
>> Couldn't you register kuppidon at gmail.com with gmail, and then try
>> using the reset password form?
>> It should cause the password reset email to be sent to the new account
>> - allowing you to use seyz as your username.
>>
>> Of course, I'm assuming you're legit, since this attack vector is also
>> used in cracking attempts in order to enter into old
>> accounts - which can allow for social privilege escalation.
>
> "Gmail usernames cannot be recreated after they've been deleted." [1]
>
> :p
>
> [1] https://support.google.com/accounts/bin/answer.py?hl=en&answer=1212172

Doesn't that just mean they can't restore the data for that account?
In other words, are you implying they keep a blacklist of all accounts
registered ever,
and block all attempts to register deleted accounts?

Please try my solution - can't test it myself since I'm rushing to the bus.

Gesh


More information about the aur-general mailing list