Vulnerability Development mailing list archives
Re: AOL passwords
From: "Remington Winters" <fyreguy () rivetgeek com>
Date: Wed, 1 May 2002 16:12:38 -0700
Also, of note is this: Try adding ^ to your password, say at the end of it. Now type in your password without that carrot. Gee still works just fine......seems aol strips out at least that character and most likely all non alphanumerics and upper ascii. ----- Original Message ----- From: "Jacob McMaster" <jmcmaster () appliedsystems com> To: <vuln-dev () securityfocus com> Sent: Wednesday, May 01, 2002 7:41 AM Subject: AOL passwords
I don't know if anyone has said this but, AOL allows you to use a 8+ character password, but when signing in it will only check the first 8 character and then it doesn't matter if you type the rest of the password
or
type the rest of it wrong it will let you in that account. Also their access to your email via the web, it will actually tell you its the wrong password if your password is over 8 characters and you type the whole
thing
in, you have to type only the 1st 8 characters to get into it. Not sure this is a major issue, but would make the cracking process eaiser for someone if they know there is a max of 8 characters needed.
Current thread:
- AOL passwords Jacob McMaster (May 01)
- Re: AOL passwords Remington Winters (May 01)
- Re: AOL passwords Nexus (May 01)
- <Possible follow-ups>
- RE: AOL passwords TUTTLE, TERESA A (SBCSI) (May 01)
- RE: AOL passwords jon schatz (May 01)
- Re: AOL passwords Remington Winters (May 01)