Open Source News » Slashdot: IT » Amazon Flaw Lets Password Variants Through

Feeds

34738 items (30225 unread) in 5 feeds

OpenSource (5767 unread)

• SourceForge.net: Front page news (802 unread)
• Slashdot: IT (4965 unread)

Security (11370 unread)

• Digg / Security (11370 unread)

Linux (13088 unread)

• digg / Linux/Unix (11427 unread)
• Slashdot: Linux (1661 unread)

Slashdot: IT

• 

  Amazon Flaw Lets Password Variants Through

  Posted: January 29th, 2011, 1:17am CET by timothy

  Tags:  security  

  Wired reports that it has confirmed a password flaw affecting some Amazon accounts. If your password hasn't been changed in a while ("the past several years"), it may be less secure than you'd like. As Wired explains, for these older accounts, "[...] if your password is “Password,” Amazon.com will also let you log in with 'PASSWORD,' 'password,' 'passwordpassword,' and 'password1234.'" The article suggests that Amazon's use of the Unix crypt() tool may be at fault. (Hat tip to E. Maureen Foley for pointing this out.)

  Read more of this story at Slashdot.