Vulnerability Development mailing list archives
RE: AOL passwords
From: "TUTTLE, TERESA A (SBCSI)" <tt6361 () sbc com>
Date: Wed, 1 May 2002 12:01:53 -0500
Jacob -
I believe this has always been true of most versions of Unix I'm
familiar with. Also take into account the fact that there are only 7 random
bits per character and you're getting even less protection than you first
think!
Terri Tuttle
-----Original Message-----
From: Jacob McMaster [mailto:jmcmaster () appliedsystems com]
Sent: Wednesday, May 01, 2002 9:42 AM
To: vuln-dev () securityfocus com
Subject: AOL passwords
I don't know if anyone has said this but, AOL allows you to use a 8+
character password, but when signing in it will only check the first 8
character and then it doesn't matter if you type the rest of the password or
type the rest of it wrong it will let you in that account. Also their
access to your email via the web, it will actually tell you its the wrong
password if your password is over 8 characters and you type the whole thing
in, you have to type only the 1st 8 characters to get into it. Not sure
this is a major issue, but would make the cracking process eaiser for
someone if they know there is a max of 8 characters needed.
Current thread:
- AOL passwords Jacob McMaster (May 01)
- Re: AOL passwords Remington Winters (May 01)
- Re: AOL passwords Nexus (May 01)
- <Possible follow-ups>
- RE: AOL passwords TUTTLE, TERESA A (SBCSI) (May 01)
- RE: AOL passwords jon schatz (May 01)
- Re: AOL passwords Remington Winters (May 01)