[25157] in bugtraq


Amazon.com Password limit

daemon@ATHENA.MIT.EDU (Vishal Ganeriwala)
Thu Apr 18 21:56:51 2002

Date: 18 Apr 2002 02:24:13 -0000
Message-ID: <20020418022413.4219.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Vishal Ganeriwala <gvishal@ufl.edu>
To: bugtraq@securityfocus.com



I found out something in amazon.com. I made a new account
username: 1abc@a.com
password: 12345678
and tried to log in with
password: 12345678anything
password: 1234567899999999
It lets me log in. That means the max password length for Amazon is
8 chars. It truncates everything after 8 chars, and Amazon doesn't
tell you to choose a password of maximum 8 chars. I don't know the
security implications. But the information is useful if one is trying
to bruteforce an account, since he knows the max password length is
8 chars.

Vishal .
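
The check described in the post, written as a self-test a site operator can run against their own password verifier. This is an added example, not part of the original post: the classes TruncatingStore and FullLengthStore, the function truncation_length and the use of PBKDF2 are assumptions made for illustration, since the post does not say how passwords were stored.

```python
import hashlib
import hmac
import os

def _kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2 is this example's choice; the post does not say how passwords were stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)

class TruncatingStore:
    """Constructed model of the reported behaviour: only the first 8 characters count."""
    SIGNIFICANT = 8

    def __init__(self):
        self._db = {}

    def _prepare(self, password: str) -> str:
        return password[:self.SIGNIFICANT]

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._db[user] = (salt, _kdf(self._prepare(password), salt))

    def verify(self, user: str, password: str) -> bool:
        if user not in self._db:
            return False
        salt, digest = self._db[user]
        return hmac.compare_digest(digest, _kdf(self._prepare(password), salt))

class FullLengthStore(TruncatingStore):
    """Corrected form: every character of the password is significant."""
    def _prepare(self, password: str) -> str:
        return password

def truncation_length(store, user="selftest@example.invalid"):
    """Return how many leading characters the store checks, or None if it checks
    all of them. Detects truncation shorter than the 64-character probe."""
    base = "Zq7!" * 16                      # constructed 64-character password
    store.register(user, base)
    if not store.verify(user, base):
        raise RuntimeError("store rejected the password it just registered")
    for n in range(1, len(base)):
        # Keep the first n characters, replace the rest; acceptance means
        # nothing past position n was compared.
        if store.verify(user, base[:n] + "X" * (len(base) - n)):
            return n
    return None

if __name__ == "__main__":
    print(truncation_length(TruncatingStore()), truncation_length(FullLengthStore()))
```

Run as a regression test, a non-None result from truncation_length means longer passwords add no strength beyond that many characters and users should be told the limit or the limit removed.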
