Beyond the Vulnerabilities of the Application Specific Password: Exploiting Google Chrome’s OAuth2 Tokens
Earlier this year, we wrote about how any Google Application Specific Password (ASP) could be used to bypass 2-Step Verification. Although Google issued a fix to prevent account compromise, your ASPs can still be used to do almost anything else with your Google account.