Project

General

Profile

Bug #2302

HDAConnect password authentication only looks at first 8 characters

Added by beaker2382 almost 2 years ago.

Status:
New
Priority:
High
Assignee:
-
Target version:
-
Start date:
02/08/2018
Due date:
% Done:

0%


Description

Hello,

I am using HDA Connect GUI v 3.2 for windows. While logging into my HDA from work I entered a wrong character at the end of my 10 character password, but I was granted access. I tried again (and agian and again and again, etc) and I found that as long as the first 8 characters of my password were correct, I would be allowed in. I could have trailing characters way over my 10 character password and still get in. If anything in the first 8 characters is wrong, I am disallowed access, as expected.

The point is, this application only verifies the accuracy of the first 8 characters of the password. The rest is assumed accurate.

This seems like a GROSS oversight on the security of my internet facing device here.... Can this get patched? Quickly!

Thanks,
JP

Also available in: Atom