Wells Fargo security has never really been in question but I noticed a security weakness concerning its online banking today. More specifically, there seems to be a weakness with its password verification.
Like any bank, Wells Fargo allows online banking via a username and password. What’s interesting is that you can actually get into the system without the correct password (as of March 16, 2009)!
All you have to do is type your username correctly and the Wells Fargo system will let you through if the password you type includes the correct password at the front.
For example, let’s say your password is “123abc” (without the quotes). If you put in the correct username and put in any string that starts with 123abc as the password, the Wells Fargo security system will let you through. So:
- 123abc1 will work
- 123abc2 will also work
- 123abc41 will work as well
Hopefully, there are additional checks that I’m not seeing right now but either way, it’s much more convenient but so much less secure.
So, one piece of advice to Wells Fargo Security: fix it, please!
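The behaviour described above can be turned into a regression check for any login backend. The following is an added example, not code from this post and not a description of how Wells Fargo's system is implemented: `verify_truncating` is a hypothetical model of a verifier that only looks at the first N characters of the input, `verify_full` hashes the whole input, and `accepts_suffixed` reports which "correct password plus extra characters" variants a verifier wrongly accepts. All names and the iteration count are assumptions made for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this demo


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 over the exact string given."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str, truncate_to=None) -> dict:
    """Create a stored record. truncate_to models a backend that keeps only N chars."""
    salt = os.urandom(16)
    kept = password if truncate_to is None else password[:truncate_to]
    return {"salt": salt, "digest": _hash(kept, salt), "truncate_to": truncate_to}


def verify_truncating(record: dict, candidate: str) -> bool:
    """Hypothetical flawed verifier: silently drops everything past N characters."""
    kept = candidate[: record["truncate_to"]]
    return hmac.compare_digest(_hash(kept, record["salt"]), record["digest"])


def verify_full(record: dict, candidate: str) -> bool:
    """Hashes the entire candidate, so any extra character changes the digest."""
    return hmac.compare_digest(_hash(candidate, record["salt"]), record["digest"])


def accepts_suffixed(verify, record: dict, password: str, suffixes=("1", "2", "41")) -> list:
    """Regression check: list the suffixed variants the verifier wrongly accepts."""
    return [password + s for s in suffixes if verify(record, password + s)]


if __name__ == "__main__":
    pw = "123abc"  # the example password used in the post
    flawed = enroll(pw, truncate_to=len(pw))
    sound = enroll(pw)
    print("flawed verifier accepts:", accepts_suffixed(verify_truncating, flawed, pw))
    print("full verifier accepts:  ", accepts_suffixed(verify_full, sound, pw))
```

An empty list from `accepts_suffixed` is the passing result; a non-empty list means the verifier treats the password as a prefix match.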