Sounds like a good ol' mainframe character limit
I ran into this too a few months ago: here.
Once again...this would not be a security issue, until you h@x0rs made a big deal out of it...We make people super-duper promise not to be bad on our site...What else can we do?
We have something very similar where I work with a time-writing app. It won't let you have a long password, and you have to use alphanumeric only. Great system.
No more than 8 chars and NO SPECIAL chars... that drops the possible keyspace down to about a 10 minute dictionary attack ;) woohoo!
It's pretty crazy how often you run into this. I've even seen it on things like domain registration and control, although I haven't run into it on any sites like this one where it's something like your finances that are at risk.
One of the reasons I no longer have an Amex.
By the way... almost a year later and this still hasn't changed.
Copyright 2015 © Carnal0wnage & Attack Research Blog