Re: AOL passwords
From: Remington Winters (fyreguy@rivetgeek.com)Date: 05/02/02
- Previous message: Muhammad Faisal Rauf Danka: "Re: AOL passwords / crypt() and online brute forcing"
- In reply to: Jacob McMaster: "AOL passwords"
- Next in thread: Nexus: "Re: AOL passwords"
- Reply: Nexus: "Re: AOL passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Remington Winters" <fyreguy@rivetgeek.com> To: <vuln-dev@securityfocus.com> Date: Wed, 1 May 2002 16:12:38 -0700
Also, of note is this: Try adding ^ to your password, say at the end of it.
Now type in your password without that carrot. Gee still works just
fine......seems aol strips out at least that character and most likely all
non alphanumerics and upper ascii.
----- Original Message -----
From: "Jacob McMaster" <jmcmaster@appliedsystems.com>
To: <vuln-dev@securityfocus.com>
Sent: Wednesday, May 01, 2002 7:41 AM
Subject: AOL passwords
> I don't know if anyone has said this but, AOL allows you to use a 8+
> character password, but when signing in it will only check the first 8
> character and then it doesn't matter if you type the rest of the password
or
> type the rest of it wrong it will let you in that account. Also their
> access to your email via the web, it will actually tell you its the wrong
> password if your password is over 8 characters and you type the whole
thing
> in, you have to type only the 1st 8 characters to get into it. Not sure
> this is a major issue, but would make the cracking process eaiser for
> someone if they know there is a max of 8 characters needed.
>
- Previous message: Muhammad Faisal Rauf Danka: "Re: AOL passwords / crypt() and online brute forcing"
- In reply to: Jacob McMaster: "AOL passwords"
- Next in thread: Nexus: "Re: AOL passwords"
- Reply: Nexus: "Re: AOL passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
