Amazon.com Password limit

From: Vishal Ganeriwala (gvishalat_private)
Date: Wed Apr 17 2002 - 19:24:13 PDT

Next message: Mauro Lacy: "Remote Timing Techniques over TCP/IP"

Previous message: Frédéric Raynal: "Howto exploit a remote format bug automatically"
Next in thread: jon schatz: "Re: Amazon.com Password limit"
Reply: jon schatz: "Re: Amazon.com Password limit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) I found out something in amazon.com . I made a new account username : 1abcat_private password 12345678 and tried to login with pasword : 12345678anything password: 1234567899999999 it lets me login . That means max password lenght for amazon is 8 chars . It truncts everything after 8 chars. and Amazon doesn't tell you to choose password of maximum 8 chars . I dont know security implications . But the information is useful if one is trying to bruteforce a account since he knows max password lenght is 8 char . Vishal .

Next message: Mauro Lacy: "Remote Timing Techniques over TCP/IP"
Previous message: Frédéric Raynal: "Howto exploit a remote format bug automatically"
Next in thread: jon schatz: "Re: Amazon.com Password limit"
Reply: jon schatz: "Re: Amazon.com Password limit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 18 2002 - 18:56:30 PDT