Home > slashdot > Amazon Flaw Lets Password Variants Through

Amazon Flaw Lets Password Variants Through

January 28th, 2011 01:17 admin Leave a comment Go to comments


Wired reports that it has confirmed a password flaw affecting some Amazon accounts. If your password hasn’t been changed in a while (“the past several years”), it may be less secure than you’d like. As Wired explains, for these older accounts, “[...] if your password is “Password,” Amazon.com will also let you log in with ‘PASSWORD,’ ‘password,’ ‘passwordpassword,’ and ‘password1234.’” The article suggests that Amazon’s use of the Unix crypt() tool may be at fault. (Hat tip to E. Maureen Foley for pointing this out.)

Source: Amazon Flaw Lets Password Variants Through

Related Articles:

  1. The Windows Flaw That Cracks Amazon Web Services
  2. Botnet Flaw Lets Researchers Disrupt Attacks
  3. IE Flaw Lets Sites Track Your Mouse Cursor, Even When You Aren’t Browsing
  4. Microsoft Patches Major Hotmail 0-day Flaw After Widespread Exploitation
  5. Amazon Lets Students Rent Digital Textbooks
blog comments powered by Disqus