May 08, 2007

Tech > Stupid Password Bugs

AOL allows users to select a password of up to 16 characters, but ignores all characters after the first eight. So if your password is "password\#)$8;-^" and someone tries breaking into your account with the password "password", they're in like Flynn.

What's worse, according to the Slashdot discussion, AOL's system isn't the only one with this flaw. Many versions of Solaris and all versions of MacOS up to 10.3 have similar problems. Unbelievable.

Posted by lesjones
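The truncation behavior described in this post, as an added example (not AOL's code and not from the original post): a store that hashes only the first eight characters beside one that hashes the whole password, plus a check that measures how many characters a store really verifies. The class and function names, and the use of PBKDF2, are assumptions made for illustration.

```python
import hashlib
import hmac
import os

TRUNCATE_AT = 8  # number of characters the post says are actually checked


def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash; the truncation flaw is independent of the hash used.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class TruncatingStore:
    """Flawed (hypothetical): accepts a long password but hashes only its first eight characters."""

    def _normalize(self, password: str) -> str:
        return password[:TRUNCATE_AT]

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = _kdf(self._normalize(password), self.salt)

    def verify(self, attempt: str) -> bool:
        candidate = _kdf(self._normalize(attempt), self.salt)
        return hmac.compare_digest(self.digest, candidate)


class FullLengthStore(TruncatingStore):
    """Corrected (hypothetical): every character of the password feeds the hash."""

    def _normalize(self, password: str) -> str:
        return password


def significant_length(store, probe_len: int = 16) -> int:
    """Return how many leading characters of a probe_len password the store checks.

    Changes one character at a time, starting from the end; the first change
    that makes verification fail marks the last character that matters.
    """
    probe = "".join(chr(ord("a") + i) for i in range(probe_len))
    store.set_password(probe)
    for i in range(probe_len - 1, -1, -1):
        mutated = probe[:i] + "#" + probe[i + 1:]
        if not store.verify(mutated):
            return i + 1
    return 0  # no character matters: verification accepts anything
```

Run as a regression test against a login backend, `significant_length` should equal the maximum password length the system advertises; a smaller value means trailing characters are being ignored.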



Comments

Darn you, Les. Darn you.

This was my post for tomorrow. It's in line right now to be published tomorrow evening.

But I have further technical details that you don't, so nyah!

Posted by: Paul Simer at May 08, 2007

It happens to the best of us. I look forward to the details.

Posted by: Les Jones at May 08, 2007

Huh, I remember accidentally leaving off characters in my password when logging into Mac OS X. It left me thinking I exactly matched the md5sum of my normal password. Now, I realize I was just stupid.

Posted by: Alcibiades at May 09, 2007

Consider that AOL just recently became an OpenID provider and all of their users (whether they know it or not) have an OpenID at AOL... combine that with this not-so-safe way of handling passwords and it's an Identity Theft disaster waiting to happen.

Just passing through and thought I'd put in my 2c...

Posted by: Tara at May 18, 2007