Google patches bug that allows attackers to slip past two-factor authentication

Attackers could – until Google issued a fix last Thursday, that is – bypass Google accounts’ two-step login verification, reset a user’s master password, and gain full profile control, just by capturing a user’s application-specific password.

Story added 28. February 2013, content source with full text you can find at link above.