Amazon.com Password limit

From: Vishal Ganeriwala (gvishal@ufl.edu)
Date: 04/18/02


Date: 18 Apr 2002 02:24:13 -0000
From: Vishal Ganeriwala <gvishal@ufl.edu>
To: bugtraq@securityfocus.com



I found out something in amazon.com. I made a new account
username: 1abc@a.com
password: 12345678
and tried to login with
password: 12345678anything
password: 1234567899999999
It lets me login. That means max password length for amazon is 8 chars. It truncates everything after 8 chars, and Amazon doesn't tell you to choose a password of maximum 8 chars. I don't know the security implications. But the information is useful if one is trying to bruteforce an account since he knows max password length is 8 chars.

Vishal .
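
The truncation reported above can be tested for in any login backend. This is an added example, not part of the original post and not Amazon's code: TruncatingStore is a constructed model of the 8-character behaviour, FullLengthStore is the corrected form, and significant_length is a hypothetical probe; all names, the probe password and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

MAX_LEN = 8  # truncation point reported in the post


class TruncatingStore:
    """Constructed model of the reported behaviour, not any real site's code."""

    def __init__(self):
        self._db = {}

    def _prepare(self, password: str) -> bytes:
        return password[:MAX_LEN].encode("utf-8")  # silently drops the rest

    def _hash(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", self._prepare(password), salt, 10_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._db[user] = (salt, self._hash(password, salt))

    def verify(self, user: str, password: str) -> bool:
        salt, expected = self._db[user]
        return hmac.compare_digest(expected, self._hash(password, salt))


class FullLengthStore(TruncatingStore):
    """Corrected form: every character of the password reaches the hash."""

    def _prepare(self, password: str) -> bytes:
        return password.encode("utf-8")


def significant_length(store, password: str = "Abcdefgh12345678") -> int:
    """Register a constructed probe password, then return the length of the
    shortest prefix that still logs in. Anything below len(password) means
    the backend ignores trailing characters."""
    user = "probe@example.test"  # hypothetical test account
    store.register(user, password)
    for n in range(1, len(password) + 1):
        if store.verify(user, password[:n]):
            return n
    raise AssertionError("registered password was rejected")


if __name__ == "__main__":
    for store in (TruncatingStore(), FullLengthStore()):
        print(type(store).__name__, significant_length(store))
```

Run as a regression test against a staging login service, a result shorter than the probe password means trailing characters are being ignored and users should at least be told the effective limit.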


