Amazon security flaw lets you log in with wrong password

January 31, 2011, 3:08 PM
Reddit users have discovered a security flaw on Amazon that lets you access an older account with an incorrect password. Commenters speculate that Amazon used the Unix crypt() function to hash certain passwords, truncating them to a maximum of eight characters. Additionally, it's believed that Amazon converted all the passwords to upper case before storing them on its servers.

For example, say your password is "Superman". Amazon's login would accept "superman", "SuPeRmAn", "SUPERMANISCOOL", or "superman12345". Again, this supposedly only affects older passwords, but a precise timeframe isn't known. Two commenters claim their 2008 and 2009 accounts are affected, while others say they haven't changed their password in six years and everything is fine. For what it's worth, the flaw doesn't work on my 2004 account.

An Amazon employee posting on Reddit said the company is aware of the issue and it's being addressed. In the meantime, you can mitigate the problem by going through Amazon's password change procedure. Your "new" password can be identical to your old one, but it will be stored with improved security.
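
The behaviour described above and the effect of the password-change mitigation, as an added example that is not code from the article or from Amazon. It assumes the legacy scheme upper-cases and truncates to eight characters as the commenters speculate, uses SHA-256 as a stand-in for crypt() so it runs anywhere, and uses scrypt as an assumed replacement scheme; all function and field names are hypothetical.

```python
import hashlib
import hmac
import os

def legacy_normalize(password: str) -> bytes:
    # Behaviour the commenters describe: upper-case, then keep only 8 characters.
    return password.upper()[:8].encode()

def legacy_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for DES crypt(): SHA-256 is used only so the example runs anywhere.
    return hashlib.sha256(salt + legacy_normalize(password)).digest()

def modern_hash(password: str, salt: bytes) -> bytes:
    # Assumed replacement: full-length, case-sensitive input to a memory-hard KDF.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def make_legacy_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "legacy", "salt": salt, "hash": legacy_hash(password, salt)}

def verify(record: dict, password: str) -> bool:
    fn = legacy_hash if record["scheme"] == "legacy" else modern_hash
    return hmac.compare_digest(fn(password, record["salt"]), record["hash"])

def change_password(record: dict, old: str, new: str) -> bool:
    # A password change re-stores the credential under the modern scheme,
    # even when the new password is identical to the old one.
    if not verify(record, old):
        return False
    salt = os.urandom(16)
    record.update(scheme="modern", salt=salt, hash=modern_hash(new, salt))
    return True

def demo() -> dict:
    record = make_legacy_record("Superman")  # constructed sample account
    variants = ["superman", "SuPeRmAn", "SUPERMANISCOOL", "superman12345"]
    before = {v: verify(record, v) for v in variants}
    change_password(record, "Superman", "Superman")
    after = {v: verify(record, v) for v in variants}
    return {"before": before, "after": after, "exact": verify(record, "Superman")}

if __name__ == "__main__":
    print(demo())
```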




User Comments: 6

Mizzou said:

Went ahead and changed my password, am one of those that hasn't in 5 or 6 years.

gwailo247, TechSpot Chancellor, said:

Mizzou said:

Went ahead and changed my password, am one of those that hasn't in 5 or 6 years.

Lol, me too.

Tekkaraiden said:

Probably a good thing I forget my password from time to time, that way I have to change it.

Leeky said:

Changed mine as well.

Guest said:

Changed mine from "password" to "drowssap".

Guest said:

Tried to log in with "wrong password". Didn't work.
