Also, of note is this: Try adding ^ to your password, say at the end of it.
Now type in your password without that carrot. Gee still works just
fine......seems aol strips out at least that character and most likely all
non alphanumerics and upper ascii.

----- Original Message -----
From: "Jacob McMaster" <jmcmasterappliedsystems.com>
To: <vuln-devsecurityfocus.com>
Sent: Wednesday, May 01, 2002 7:41 AM
Subject: AOL passwords

> I don't know if anyone has said this but, AOL allows you to use a 8+
> character password, but when signing in it will only check the first 8
> character and then it doesn't matter if you type the rest of the password
or
> type the rest of it wrong it will let you in that account. Also their
> access to your email via the web, it will actually tell you its the wrong
> password if your password is over 8 characters and you type the whole
thing
> in, you have to type only the 1st 8 characters to get into it. Not sure
> this is a major issue, but would make the cracking process eaiser for
> someone if they know there is a max of 8 characters needed.
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]