WPEX security issue - Page 2

HossTheBoss · #11 10-31-2006, 03:00 PM

I have also been able to replicate this on the sportsbook / cashier log in.

Brice · #12 10-31-2006, 04:28 PM

There is a simple soultion to this. Only allow eight characters to be typed into the password box.

Mike Haven · #13 10-31-2006, 04:57 PM

There is no security issue that characters added after the eight don't affect the password. This is irrelevant as it will be known to everyone.

If there is a security issue, it's because you can only use up to eight characters in your password. This gives the hacker only 36x36x36x36x36x36x36x36 combinations to crack if you use the full eight. (Of course, there will be a lot more if upper case, lower case, ampersands, etc, are allowed, or if some people use only seven or six, etc.)

Jeff_B · #14 10-31-2006, 07:20 PM

buffer overflow anyone?
I agree though password should be min 8 not max