A security researcher has found an odd issue with how the Nintendo Switch console handles login credentials, potentially making it easier for hackers to figure out peoples’ passwords, and raising questions about how Nintendo is storing passwords. From a report: The issue revolves around how users log into the eShop from a Nintendo Switch. As security researcher Runa Sandvik explained it, when logging into the eShop before typing in a password, the ‘OK’ dialogue box is greyed out. When a user enters their correct password, it lights up and lets the user log in. Expected behaviour, so far. But Sandvik found that the ‘OK’ box also lights up if the user only enters the first eight characters of their password. The eShop won’t let the user actually login — they still need to enter their complete password — but it does provide visual feedback to someone trying to guess a password that they’re on the right track. Essentially, this could give a hacker a better chance of figuring out your password if they only have to determine what comes after the eighth character, although of course they would still need to get that first section too.
of this story at Slashdot.
Source:: Slashdot