Amazon not checking passwords properly or password bug?

I just tried to log in to my Amazon account and didn’t notice Chrome had already pre-filled in my password so I ended up typing my password on the end of the pre-filled password and in my rush hit Enter…it logged me in!? WTF?

I logged out of my Amazon account and tried logging in with a completely incorrect password and it was rejected. I then tried with my correct password but added some arbtry numbers to the end (123456) and it still logged me in! Seriously? If your password is only X characters long, Amazon only check the first X characters that you have entered in the password field?

For Example:

If your Amazon password is helloworld (mine’s not that btw) and you tried to log in using helloworld123456 it accepts it as your password, it’s not even respecting case sensitivity and is accepting HELLOWORLD. Likewise if you enter any of the following in the password field it will accept it and log you in:

  • helloworldhelloworld
  • helloworldblahblahblah
  • helloworld_this_is_not_very_secure_surely
  • HeLlOwORldABC123

Continue reading “Amazon not checking passwords properly or password bug?”