Student found Myspace security flaw

• nightzip

  22 Aug 06, 12:45

  Student found Myspace security flaw
  
  Password chopping
  
  By Nick Farrell: Monday 21 August 2006, 17:13
  
  A UK STUDENT has stumbled on what he thinks is a flaw in MyspaceÂ’s password system.
  A source close to an AV outfit said that he stumbled on the flaw when he mistyped his password.
  
  Writing in his bog, now removed, the lad said that he typed it in wrong, but still managed to log in. He discovered that if you drop the last character from your password it will still let you login happily also if you have entered the entire password correctly then you can have absolutely anything else after that and it will still log you in.
  
  The boy thought it was odd that Myspace truncated the password, and seems to think it would be easier for someone to hack into your account.
  
  Unfortunately, the bog is now deceased. The flaw may still remain. µ
  
• sgboy2004

  22 Aug 06, 12:48

  mi really wonder why they need to truncate it????
• ndmmxiaomayi

  22 Aug 06, 13:00

  Friendster also has a habit of truncating passwords, but there's no problem with Friendster's security systems.
  
  Let's say your password is this long: aaaaaaaaaaaaaaaaaaaaaaaaa
  
  In the password field, it will show only aaaaaaaaa
  
  However, if you try typing aaaaaaaaa only, you can't log in.
• nightzip

  22 Aug 06, 13:13

  ohh...so its like the memory records, but never show out exactly how many "digits" there are...there is good mah...added security feature leh..
• BrUtUs

  22 Aug 06, 13:27

  might be programmer mistake...
• davidche

  25 Aug 06, 16:46

  hehe
  
  
  
  *hacking in other ppl's account*