Security Flaw Accepts Passwords That Are Close, But Not Exact

Dylan Tweney reports:

An security flaw allows some customers to log in with variations of their actual password that are close to, but not exactly, their real password.

The flaw lets Amazon accept as valid some passwords that have extra characters added on after the 8th character, and also makes the password case-insensitive.

For example, if your password is “Password,” will also let you log in with “PASSWORD,” “password,” “passwordpassword,” and “password12345.”

Wired has been able to confirm the flaw, which was first reported on Reddit. It appears to affect only older accounts, which have not had their passwords changed in the past several years.


About the author: Dissent

Comments are closed.