Amazon security flaw lets you log in with wrong password

Reddit users have discovered a security flaw on Amazon that lets you access an older account with an incorrect password. Commenters speculate that Amazon used the Unix crypt() function to encrypt certain passwords, which truncates them to a maximum of eight characters. Additionally, it's believed that Amazon converted all the passwords to uppercase before storing them on its servers.
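The truncation and uppercasing described above, as an added example (not code from the article or from Amazon): `legacy_key` follows how classic DES-based crypt() builds its key from the first eight characters, the `upper()` call models the commenters' speculation, PBKDF2 is a stand-in for the stored hash, and the passwords are constructed samples.

```python
import hashlib
import hmac
import os

def legacy_key(password: str) -> bytes:
    """Key material as classic DES crypt(3) derives it: only the first eight
    bytes count, and only the low 7 bits of each. The upper() call models the
    uppercasing the commenters speculate about (an assumption)."""
    raw = password.upper().encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)

def _kdf(material: bytes, salt: bytes) -> bytes:
    # Stand-in for the stored hash. Both schemes use the same KDF so the
    # only difference between them is what gets fed into it.
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

def enroll(password: str, legacy: bool) -> tuple[bytes, bytes]:
    """Return (salt, verifier) for a new password."""
    salt = os.urandom(16)
    material = legacy_key(password) if legacy else password.encode("utf-8")
    return salt, _kdf(material, salt)

def verify(candidate: str, record: tuple[bytes, bytes], legacy: bool) -> bool:
    salt, stored = record
    material = legacy_key(candidate) if legacy else candidate.encode("utf-8")
    return hmac.compare_digest(_kdf(material, salt), stored)

def accepted(candidates, record, legacy):
    """List the candidates a given scheme would let through."""
    return [c for c in candidates if verify(c, record, legacy)]

# Constructed sample data, not real credentials.
PASSWORD = "Tr0ub4dor&3-horse"
CANDIDATES = [
    "Tr0ub4dor&3-horse",   # the real password
    "tr0ub4dor&3-horse",   # wrong case
    "TR0UB4DOxyz",         # wrong tail after the eighth character
    "Tr0ub4do",            # only the first eight characters
    "Tr0ub4d",             # seven characters: too short to collide
]

if __name__ == "__main__":
    for legacy in (True, False):
        record = enroll(PASSWORD, legacy)
        label = "legacy (truncate + uppercase)" if legacy else "full password"
        print(label, "accepts:", accepted(CANDIDATES, record, legacy))
```

Re-enrolling the same password under the full-length scheme is what the password change procedure quoted in the comments below achieves: the stored verifier then covers every character.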

Speed-Racer 2092d ago

Yea I read about this on Reddit earlier this week, personally it's not a massive flaw if no one has an idea what your password string might be like, but if they had an idea that you use the same pass across the web and know the pass, then you're screwed. Since the gawker incident, I have gone across to using a unique pass per site. My old one was complicated but I used it almost everywhere.

-Mezzo- 2092d ago

This is alarming, I do all my Online Shopping through Amazon & have around $200 in account all the time.

I have a really long and hard to remember password, but still, anyone can log into my Account, I hope Amazon fixes this Bug soon.

Mr_Anderson 2092d ago

FTA: "In the meantime, you can mitigate the problem by going through Amazon's password change procedure. Your "new" password can be identical to your old one, but it will be stored with improved security."

Simple fix. E-Mails need to be sent out containing this information.

snoop_dizzle 2091d ago

My password was pretty long in hopes that it would be more secure, but maybe it isn't. :/ Though I did change it not too long ago.

-Mezzo- 2091d ago

I just changed my Password as well, & sent an Email to Amazon informing them of the BUG, if they didn't already know.

Speed-Racer 2091d ago

I once left my account open at work and someone bought hand soap with it :/

Syko 2091d ago

Dude that is hilarious. You think someone would go bigger than hand soap though. I would have ordered a line up and started smelling hands.

toaster 2091d ago

Who the heck buys hand soap online anyways....