Monday, October 6, 2008

AMEX = FAIL

saw this today while reseting a password...awesome.



Also looks like I'm not the only one having the problem.
http://lastinfirstout.blogspot.com/2008/10/trivial-account-reset-on-american.html
at

9 comments:

  1. AnonymousOctober 6, 2008 at 3:33 PM

    Sounds like a good ol mainframe character limit

    ReplyDelete
  2. hoggOctober 6, 2008 at 4:50 PM

    This comment has been removed by the author.

    ReplyDelete
  3. hoggOctober 6, 2008 at 4:52 PM

    I ran into this too a few months ago: here.

    ReplyDelete
  4. AnonymousOctober 6, 2008 at 11:12 PM

    Once again...this would not be a security issue, until you h@x0rs made a big deal out of it...
    We make people super-duper promise not be bad on our site...
    What else can we do?

    ReplyDelete
  5. SzafOctober 7, 2008 at 5:48 AM

    We have something very similar where I work with a time-writing app. It wont let you have a long password, and you have to use alphanumeric only. Great system.

    ReplyDelete
  6. AnonymousOctober 7, 2008 at 10:37 PM

    no more than 8 chars and NO SPECIAL chars... that drops the possible keyspace down to about a 10 minute dictionary attack ;) woohoo!

    ReplyDelete
  7. Rob StevensOctober 15, 2008 at 7:41 PM

    It's pretty crazy how often you run into this. I've even seen it on things like domain registration and control, although I haven't run into it on any sites like this one where it's something like your finances that are at risk.

    ReplyDelete
  8. Morgan StoreyOctober 16, 2008 at 8:21 PM

    one of the reasons I no longer have an Amex.

    ReplyDelete
  9. grey_areaSeptember 30, 2009 at 9:59 PM

    By the way... almost a year later and this still hasn't changed.

    ReplyDelete