
Comment by jrcii

10 years ago

I had a bug with a Bank of America payment system which wouldn't accept registrations with upper-case Zs in the company name. I went into super sleuth mode and somehow found the company they hired to make it and got a number for their development department. After explaining the problem to the guy who answered, his only response was, "How did you get this number??"

A few years ago I discovered that the Wells Fargo website would log you in by typing the correct password and some additional n characters after the password. I reported it to the security group and that still worked until I stopped banking with them a year or so later.

  • I've heard of systems like these, which would essentially store passwords as n-length strings, and upon registration/verification simply truncate the given string to n characters.
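The truncation behaviour described in the reply above, shown as an added example that is not part of the thread and is not any bank's code: a verifier that cuts input to a fixed length beside one that hashes the full input, plus a check that tells them apart. `MAX_LEN`, the function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Callable, Tuple

MAX_LEN = 8  # assumed truncation length "n"; the thread gives no real value
ITERATIONS = 100_000
Record = Tuple[bytes, bytes]  # (salt, derived key)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register_truncating(password: str) -> Record:
    """Legacy behaviour: silently keep only the first MAX_LEN characters."""
    salt = os.urandom(16)
    return salt, _derive(password[:MAX_LEN], salt)


def verify_truncating(password: str, record: Record) -> bool:
    salt, stored = record
    # Same truncation at login, so anything typed past MAX_LEN is ignored.
    return hmac.compare_digest(_derive(password[:MAX_LEN], salt), stored)


def register_full(password: str) -> Record:
    """Corrected behaviour: every character contributes to the stored hash."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def verify_full(password: str, record: Record) -> bool:
    salt, stored = record
    return hmac.compare_digest(_derive(password, salt), stored)


def accepts_trailing_characters(register: Callable[[str], Record],
                                verify: Callable[[str, Record], bool],
                                password: str = "CorrectHorse9!") -> bool:
    """Regression check: does login succeed with extra characters appended?

    The probe password must be at least MAX_LEN long; a shorter one would not
    reach the cut-off and the truncation would go unnoticed.
    """
    record = register(password)
    assert verify(password, record), "the exact password must always be accepted"
    return verify(password + "xyz", record)
```

A check like `accepts_trailing_characters` is cheap to keep in a login test suite, since the symptom is invisible to users who only ever type their exact password.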