Udostępnij za pośrednictwem


“IfYouAreReadingThisYouHaveTooMuchFreeTime”

That’s the phrase you see assigned to the hidden variable in hotmail passport authentication. You might notice this phrase when you record the web test for a webpage containing passport authentication. The form post parameters of the passport authentication URL (https://login.live.com/ppsecure/post.srf) contains variables such as Login (Email ID), Passwd (password), PwdPad etc.

                                                    clip_image002

Notoriously, the PwdPad variable is assigned a phrase called “IfYouAreReadingThisYou HaveTooMuchFreeTime”. However, if you observe the value recorded for PwdPad variable recorded in the web tests, it appears to be varying in length with some of the right most characters of the phrase clipped.

From the code point of view, the length of the phrase varies with the length of the password. The logic behind the variable length is, say, the password of the passport Id contains “7” characters, then 7 rightmost characters are clipped from the phrase “IfYouAreReadingThisYouHave TooMuchFreeTime” and the remaining phrase “IfYouAreReadingThisYouHaveTooMuchF” is assigned to the variable Pwdpad. In the screenshot shown above, the length of the password is 8 characters, hence the 8 right most characters are clipped from the phrase and “IfYouAreReadingThisYouHaveTooMuch” is assigned to PwdPad.

The maximum length of the Password in passport Hotmail Accounts is 16 characters, so you will definitely find atleast “IfYouAreReadingThisYouHav” assigned to the PwdPad.

Comments