Amazon.com Security Flaw Accepts Passwords That Are Close, But Not Exact

Discussion in 'other security issues & news' started by hawki, Jan 29, 2011.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    An Amazon.com security flaw allows some customers to log in with variations of their actual password that are close to, but not exactly, their real password.

    The flaw lets Amazon accept as valid some passwords that have extra characters added on after the 8th character, and also makes the password case-insensitive.

    For example, if your password is “Password,” Amazon.com will also let you log in with “PASSWORD,” “password,” “passwordpassword,” and “password12345.”

    http://www.wired.com/threatlevel/2011/01/amazon-password-problem/

    If you are on Amazon with an old password, change it now!

    Amazon has a confirmed technical flaw if you have not changed your password in a very long time.

    http://stuff.techwhack.com/10703-amazon-password-change
     
    hawki, Jan 29, 2011
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...