Wells Fargo Passwords Are Not Case-Sensitive!September 5, 2008 – 11:41 AM
I just heard on the Security Now podcast a listener mention that his Wells Fargo password was not case-sensitive. I’m not a Wells Fargo user but several users who are that I asked this morning actually confirmed this. You will be logged in no matter what case you enter into the password field.
It was also mentioned in SN’s previous podcast that Wells Fargo customers are reporting that the login system will accept only n characters from the password and just ignore the rest. I don’t think we know what n is at this point but, for example, if you have a 15 character password, it may only be reading and accepting the first 7 characters, or 8 characters, etc.
This is all very bad. This also tells me that these passwords are stored in plaintext and not hashed at all in the database.
Be careful WF customers. They have all of your money and they are not doing everything they possibly can to protect it. Very sad.