Amazon.com Password limit

From: Vishal Ganeriwala (gvishal@ufl.edu)
Date: 04/18/02


Date: 18 Apr 2002 02:24:13 -0000
From: Vishal Ganeriwala <gvishal@ufl.edu>
To: bugtraq@securityfocus.com



I found out something in amazon.com. I made a new account

username: 1abc@a.com
password: 12345678

and tried to login with

password: 12345678anything
password: 1234567899999999

It lets me login. That means max password length for amazon is 8 chars. It truncates everything after 8 chars, and Amazon doesn't tell you to choose a password of maximum 8 chars. I don't know the security implications. But the information is useful if one is trying to bruteforce an account since he knows max password length is 8 chars.

Vishal .
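
The behaviour reported above can be checked against one's own login code with a small probe. This is an added example, not part of the original post and not Amazon's code: `make_store` is a constructed in-memory verifier whose 8-character cut-off is an assumption about how such behaviour arises, and `effective_length` is a hypothetical helper that reports how many leading password characters are actually significant.

```python
import hashlib
import hmac
import os


def make_store(max_len=None):
    """Constructed in-memory credential store; returns (register, verify).

    max_len=8 reproduces the silent truncation reported in the post
    (an assumption about the cause); max_len=None uses the full password.
    """
    users = {}

    def _hash(password, salt):
        if max_len is not None:
            password = password[:max_len]  # defect: extra characters dropped
        # Iteration count kept low so the probe below runs quickly.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def register(user, password):
        salt = os.urandom(16)
        users[user] = (salt, _hash(password, salt))

    def verify(user, password):
        if user not in users:
            return False
        salt, digest = users[user]
        return hmac.compare_digest(digest, _hash(password, salt))

    return register, verify


def effective_length(register, verify, probe_len=32):
    """Return how many leading characters are significant, or None if a
    probe_len-character password is only accepted in full."""
    user = "audit@example.test"  # constructed test account
    password = "".join(chr(ord("a") + i % 26) for i in range(probe_len))
    register(user, password)
    if not verify(user, password):
        raise RuntimeError("store rejected the password it just registered")
    for n in range(1, probe_len):
        if verify(user, password[:n]):  # a shorter prefix logs in
            return n
    return None


if __name__ == "__main__":
    print("truncating store:", effective_length(*make_store(max_len=8)))
    print("full-length store:", effective_length(*make_store()))
```

Pointed at a staging copy of real registration and login functions, any result other than `None` means characters are being discarded without the user being told.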


