According to the register:
Google's high profile webmail service, Gmail, is vulnerable to a security exploit that might allow hackers full access to a user's email account simply by knowing the user name, according to reports.
http://www.theregister.co.uk/2004/10/29/gmail_vuln/

Afaik the exploit code has not been disclosed yet
When approached, Google admitted to the security flaw. Google also assured us that this matter is being resolved, and that "the company will go to any length to protect its users".
http://net.nana.co.il/Article/?ArticleID=155025&sid=10