CLOSED: HDAConnect password authentication only looks at first 8 characters

beaker2382
Posts: 8
Joined: Tue Oct 03, 2017 5:26 pm

CLOSED: HDAConnect password authentication only looks at first 8 characters

Postby beaker2382 » Thu Feb 08, 2018 7:29 am

Hello,

I am using HDA Connect GUI v 3.2 for windows. While logging into my HDA from work I entered a wrong character at the end of my 10 character password, but I was granted access. I tried again, and agian and again and I found that as long as the first 8 characters of my password were correct, I would be allowed in. I could have trailing characters way over my 10 character password and still get in. If anything in the first 8 characters is wrong, I am disallowed access, as expected.

The point is, this application only verifies the accuracy of the first 8 characters of the password. The rest is assumed accurate.

This seems like a GROSS oversight on the security of my internet facing device here.... can anyone else check this on their system? Can admins please comment? Can this get patched? Quickly!

Thanks,
JP

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: HDAConnect password authentication only looks at first 8 characters

Postby bigfoot65 » Thu Feb 08, 2018 10:48 am

If this is in fact an issue, best if you [App=https://bugs.amahi.org]submit a bug report[/App].

We cannot action based on a forum post.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

User avatar
bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: HDAConnect password authentication only looks at first 8 characters

Postby bigfoot65 » Thu Feb 08, 2018 6:29 pm

Continue to follow progress in bug 2302.

Marking topic as closed.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

Who is online

Users browsing this forum: No registered users and 15 guests