This bug has been fixed.
Fixed Version
- Ver.16.2.2
Affected Version and Operation
- Ver. 13.3.0 and later versions
Bug Details
- Occurs in operating
- Authentication with a password that exceeds 72 characters
- What will occur
- If the first 72 characters match, authentication succeeds even if a password that does not match exactly is entered
Although the specification allows for a password of up to 100 characters to be set as the login password, only the first 72 characters are used to determine the password match during authentication. Therefore, if a password that exceeds 72 characters has been set, as long as the first 72 characters match, authentication will succeed even if a password that does not match exactly is entered.
Workaround/Recovery
- Passwords of 72 characters are strong enough to prevent unauthorized logins
- If your password consists of only easy-to-guess characters in the first 72 characters, please change it to a password of 72 characters or less that is hard to guess
- This Bug is due to be fixed in the coming version (Ver. 16.2.2), and the first successful password login after upgrading will reset the password without missing any information after the 73rd character
- Only information up to 72 characters will be used to determine the password login for the first time after upgrading
- If you are not sure about the 73rd or later characters of the password you set, please click on “Forgot password?” to reset your password
This Bug is due to be fixed in the coming version (Ver. 16.2.2)