Admin password security issue [passwords are not case-sensitive]

I had an Admin password that was a combination of upper and lower case letters. My browser saved it, so I never retyped it.
Tonight I logged in from another machine and incorrectly typed the password; it logged in without issue.

Further testing seemed to indicate that, despite the password being set to, let's say, PaSSword, you could log in with PAssWoRD.

It didn't seem to be case dependent.

I can only test it on my SDR, but is this an issue for others?

Dave
M0TAZ

Comments

  • Passwords being case-insensitive is a (deliberate) feature.

  • Really? That does seem a little insecure. I wonder how many admins are aware of that...

    Ta Dave
  • I have to say I do find that a little strange. If you're going to do that, you really shouldn't be able to type uppercase letters in that box. At least that way the user would realise the issue, and hopefully select a password that doesn't overly rely on upper/lower case letters as part of their password security.
  • I assume by the lack of comments everyone is happy with this undocumented feature? Thanks for the clarification, John. I've made my views clear: I would prefer the password was more secure and included upper and lower case characters.

    Ta Dave 