Password problem on Amazon.com

Posted in Amazon by Conner Flynn on January 29th, 2011

It has been reported that there is a security flaw on the Amazon site that allows customers to log into their account without using their exact password. For example, if your password is PASSWORD, users can enter “password”, “passwordpassword”, “password12345″ to login to the account and it will still work.

This is apparently because the site still uses an old password encrypting technique that truncates passwords after the 8th character for some accounts that have kept the same password for many years. So users were not able to protect their accounts with passwords longer than 8 characters. However, Amazon has solved the problem – users just need to update their password, and it should automatically upgrade the password encryption.

[Ubergizmo]

Share:
TAGS: , , ,


_