by terom 3333 days ago
The article discusses an actual partial prefix match.

> we tested out a case in which only a portion of the correct response hash is sent to the AMT web server. To our surprise, authentication succeeded!

> Next, we reduced the response hash to one hex digit and authentication still worked.

This doesn't imply "no password" - an empty password would still result in a non-empty HTTP Authorization Digest response hash, which would not allow you to log in. An empty/truncated digest response hash is not the same thing as an empty/truncated password.
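The distinction drawn in the comment above, sketched in C as an added example that is not part of the original comment or of any vendor's code. It assumes the flawed check takes its comparison length from the client-supplied response; the function names are hypothetical and the digest value is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* An MD5 digest response is 32 hex chars whatever the password is,
 * including an empty password. */
#define DIGEST_HEX_LEN 32

/* Constructed sample value, not a digest from any real device. */
static const char SAMPLE_EXPECTED[] = "0123456789abcdef0123456789abcdef";

/* Flawed check (assumed shape): the compare length is client-controlled,
 * so any prefix of the expected digest is accepted. */
int check_prefix(const char *expected, const char *response)
{
    size_t n = strlen(response);
    return strncmp(expected, response, n) == 0;
}

/* Hardened check: require the full length first, then compare every
 * byte without an early exit. */
int check_full(const char *expected, const char *response)
{
    unsigned char diff = 0;
    size_t i;

    if (strlen(expected) != DIGEST_HEX_LEN ||
        strlen(response) != DIGEST_HEX_LEN)
        return 0;
    for (i = 0; i < DIGEST_HEX_LEN; i++)
        diff |= (unsigned char)(expected[i] ^ response[i]);
    return diff == 0;
}

int main(void)
{
    const char *samples[] = { SAMPLE_EXPECTED, "0123", "0", "", "1" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("response=\"%s\" prefix_check=%d full_check=%d\n",
               samples[i],
               check_prefix(SAMPLE_EXPECTED, samples[i]),
               check_full(SAMPLE_EXPECTED, samples[i]));
    return 0;
}
```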