Control Panel Security Flaw

This is used for general discussion that is not necessarily server-related.
FlyingMongoose
This is my homepage
Posts: 353
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Fri Sep 17, 2004 7:50 pm

Control Panel Security Flaw

Post by FlyingMongoose »

My password is 9 characters long; I accidentally typed in only 8 of the characters, omitting the last. It still logged me in correctly and to the correct account. This seems like a problem to me. I don't know if it applies to a certain number of characters or what, but I see this as a fairly crucial flaw in security. If it's (for some reason) only matching all but the "last character", what if someone has a 6-character password? It would take what? 30 minutes of a brute force password generator to break that, because all it needs to have is 5 characters.

Thanks for any kind of prompt response.
kraze
Former staff
Posts: 4362
Joined: Fri Sep 17, 2010 9:06 am
Location: California

Re: Control Panel Security Flaw

Post by kraze »

Hi,

Are you sure you didn't accidentally hit the correct last number? I attempted to do this multiple times and was unable to duplicate.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
wyseguy79
A regular
Posts: 55
Joined: Wed Oct 05, 2011 8:58 pm
Location: Las Vegas, NV

Re: Control Panel Security Flaw

Post by wyseguy79 »

Sounds like auto-complete might have kicked in...
Edge100x
Founder
Posts: 13129
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle

Re: Control Panel Security Flaw

Post by Edge100x »

If you have an extremely old account (sub-2006 or something like that) and haven't changed your password since that time period, then you may still have an old-style password in the system. If you change/update it, you'll be updated to a type that uses a much more secure hash.

I recommend using a secure password that you change regularly.
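
The behaviour reported in this thread and the password-change upgrade described in the last reply, as an added example that is not part of the original posts or the control panel's code. `legacy_hash` is a constructed stand-in for a scheme that reads only the first 8 characters (the thread does not say which algorithm the old-style passwords used); every function name and the sample password are assumptions.

```python
import hashlib
import hmac
import os

LEGACY_MAX = 8  # assumption: the old scheme ignores everything past 8 characters

def legacy_hash(password, salt):
    # Constructed stand-in for a truncating legacy hash, not the panel's algorithm.
    digest = hashlib.sha256(salt + password.encode()[:LEGACY_MAX]).hexdigest()
    return "legacy$" + salt.hex() + "$" + digest

def modern_hash(password, salt=None):
    # Salted, iterated hash over the full password.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return "pbkdf2$" + salt.hex() + "$" + dk.hex()

def verify(password, stored):
    scheme, salt_hex, _ = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    hasher = legacy_hash if scheme == "legacy" else modern_hash
    return hmac.compare_digest(hasher(password, salt), stored)

def login(db, user, password):
    """Return 'denied', 'ok', or 'ok-change-required' for a legacy record."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return "denied"
    # Do not silently re-hash what was typed: a truncated entry would then
    # become the real password. Require an explicit password change instead.
    return "ok-change-required" if stored.startswith("legacy$") else "ok"

def change_password(db, user, new_password):
    db[user] = modern_hash(new_password)

def legacy_accounts(db):
    # Audit helper: accounts still stored in the old format.
    return sorted(u for u, h in db.items() if h.startswith("legacy$"))

def demo():
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    db = {"olduser": legacy_hash("Sample#91", salt)}  # constructed 9-char password
    before = login(db, "olduser", "Sample#9")   # last character omitted
    pending = legacy_accounts(db)
    change_password(db, "olduser", "Sample#91")
    after = login(db, "olduser", "Sample#9")
    full = login(db, "olduser", "Sample#91")
    return before, pending, after, full, legacy_accounts(db)
```
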