CLOSED: HDAConnect password authentication only looks at first 8 characters
Posted: Thu Feb 08, 2018 7:29 am
Hello,
I am using HDA Connect GUI v 3.2 for Windows. While logging into my HDA from work I entered a wrong character at the end of my 10-character password, but I was granted access. I tried again, and again and again, and I found that as long as the first 8 characters of my password were correct, I would be allowed in. I could have trailing characters way over my 10-character password and still get in. If anything in the first 8 characters is wrong, I am disallowed access, as expected.
The point is, this application only verifies the accuracy of the first 8 characters of the password. The rest is assumed accurate.
This seems like a GROSS oversight on the security of my internet-facing device here... Can anyone else check this on their system? Can admins please comment? Can this get patched? Quickly!
Thanks,
JP
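The behaviour reported in the post above can be turned into a regression check for a password verifier. This is an added example, not part of the original post and not HDA Connect code: `make_verifier`, `ignored_positions` and `audit` are hypothetical names, the sample password is constructed, and the `truncate_to=8` verifier is a constructed stand-in for the reported behaviour (the post does not state its cause).

```python
import hashlib
import hmac
import os


def make_verifier(password, truncate_to=None):
    """Enroll a password and return verify(candidate) -> bool.

    truncate_to is an assumption used only to model a verifier that
    looks at a fixed-length prefix; None means the whole input is hashed.
    """
    salt = os.urandom(16)

    def digest(pw):
        if truncate_to is not None:
            pw = pw[:truncate_to]  # stand-in for the behaviour in the post
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

    stored = digest(password)
    return lambda candidate: hmac.compare_digest(stored, digest(candidate))


def ignored_positions(verify, password):
    """Positions whose character can be changed without failing the login."""
    ignored = []
    for i, ch in enumerate(password):
        swapped = "X" if ch != "X" else "Y"
        if verify(password[:i] + swapped + password[i + 1:]):
            ignored.append(i)
    return ignored


def audit(verify, password):
    """Return findings for a verifier enrolled with `password`; [] is a pass."""
    if not verify(password):
        return ["correct password rejected"]
    findings = []
    ignored = ignored_positions(verify, password)
    if ignored:
        findings.append(f"characters at positions {ignored} are not checked")
    if verify(password + "extra"):
        findings.append("trailing characters after the password are accepted")
    return findings


PASSWORD = "abcdEFGH12"  # constructed 10-character sample
print("prefix-only:", audit(make_verifier(PASSWORD, truncate_to=8), PASSWORD))
print("full-length:", audit(make_verifier(PASSWORD), PASSWORD))
```

Run against a test account on your own system, the same `audit` logic applies to any login function wrapped as `verify(candidate)`.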