11 Amazon logoIt has been reported that there is a flaw that exists on the Amazon site that actually allows customers to log into the without using their exact password. Basically, if a person’s password is PASSWORD, users can enter “password”, “passwordpassword”, “password12345″ to login to the account – and it will still work, because the site still employs an ancient password encrypting technique that truncates passwords after the 8th character for some accounts that have kept the same password for many years. This exploit meant that users were not able to protect their accounts with passwords longer than 8 characters. Fortunately, Amazon has solved this problem – users just need to update their password, and it should automatically upgrade the password encryption. Don’t say we didn’t warn you!

Filed in Web. Read more about Amazon, bug, password and Security.

User Comments