Vulnerability Development mailing list archives
RE: AOL passwords
From: "TUTTLE, TERESA A (SBCSI)" <tt6361 () sbc com>
Date: Wed, 1 May 2002 12:01:53 -0500
Jacob - I believe this has always been true of most versions of Unix I'm familiar with. Also take into account the fact that there are only 7 random bits per character and you're getting even less protection than you first think! Terri Tuttle -----Original Message----- From: Jacob McMaster [mailto:jmcmaster () appliedsystems com] Sent: Wednesday, May 01, 2002 9:42 AM To: vuln-dev () securityfocus com Subject: AOL passwords I don't know if anyone has said this but, AOL allows you to use a 8+ character password, but when signing in it will only check the first 8 character and then it doesn't matter if you type the rest of the password or type the rest of it wrong it will let you in that account. Also their access to your email via the web, it will actually tell you its the wrong password if your password is over 8 characters and you type the whole thing in, you have to type only the 1st 8 characters to get into it. Not sure this is a major issue, but would make the cracking process eaiser for someone if they know there is a max of 8 characters needed.
Current thread:
- AOL passwords Jacob McMaster (May 01)
- Re: AOL passwords Remington Winters (May 01)
- Re: AOL passwords Nexus (May 01)
- <Possible follow-ups>
- RE: AOL passwords TUTTLE, TERESA A (SBCSI) (May 01)
- RE: AOL passwords jon schatz (May 01)
- Re: AOL passwords Remington Winters (May 01)