OK, Wii Fit isn't exactly the most critical application out there, so it's not too much of a worry if things aren't locked down completely.  However, the security methodology used is just so utterly pathetic that it's simply disconcerting that it was permitted.


In Wii Fit, you have the option of setting a password for your character and information in order to protect your daily progress.  It uses a four-digit PIN which, while not very strong, is passable for this situation.  What's not passable, however, is what happens if you fail to enter it correctly in three attempts.


After three failed logins, you are prompted to enter your height.  What I thought, at first, was that this was a measure to ensure you're you, or be locked out from guessing.  What happens, though, if you guess wrong is that you can just keep trying.


What happens if you get it right?  It logs you in, where you can then change the password without knowing the original.


Given a person between 5'0 and 7'0, that's a mere 24 combinations--you could brute force that in 5 minutes.


As long as you're going to add the feature to the game, at least give it the slightest bit of consideration.
Posted by Ellyoda Sun, 22 Mar 2009 01:49:25 (comments: 4)
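The flow described in the post, modelled as an added example (not code from Wii Fit or from the post's author): it compares the height prompt as described with a hypothetical variant that allows three answers and then locks. The class and function names are made up for illustration, and one-inch height steps are an assumption chosen to match the post's 24 values.

```python
from fractions import Fraction

PIN_SPACE = 10_000        # four-digit PIN (from the post)
PIN_TRIES = 3             # failed PIN attempts before the fallback (from the post)
HEIGHTS = range(60, 84)   # assumption: one-inch steps, the post's 24 values


class FallbackAsDescribed:
    """Height prompt with no attempt counter: a wrong answer just re-prompts."""

    def __init__(self, height_in):
        self._height = height_in

    def answer(self, guess):
        return guess == self._height


class FallbackWithBudget(FallbackAsDescribed):
    """Hypothetical fix: a small answer budget, then a hard lock."""

    def __init__(self, height_in, budget=3):
        super().__init__(height_in)
        self._left = budget

    def answer(self, guess):
        if self._left <= 0:
            return False      # locked: even the right answer is refused
        self._left -= 1
        return super().answer(guess)


def fraction_of_profiles_opened(fallback_cls):
    """Share of all possible heights that fall to one pass over HEIGHTS."""
    opened = 0
    for real in HEIGHTS:
        prompt = fallback_cls(real)   # fresh prompt per constructed profile
        opened += any(prompt.answer(g) for g in HEIGHTS)
    return Fraction(opened, len(HEIGHTS))


def pin_only_exposure():
    """Chance that PIN_TRIES guesses hit a uniformly chosen PIN."""
    return Fraction(PIN_TRIES, PIN_SPACE)


if __name__ == "__main__":
    print("PIN alone:         ", pin_only_exposure())
    print("fallback as posted:", fraction_of_profiles_opened(FallbackAsDescribed))
    print("fallback, 3 tries: ", fraction_of_profiles_opened(FallbackWithBudget))
```

Even with the cap, the height prompt opens 1 in 8 profiles against 3 in 10,000 for the PIN, so a recovery question with so few possible answers undercuts the PIN however it is rate-limited.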
 
Sun, 22 Mar 2009 02:09:32
My sister is considerably more pissed off by this than anticipated.

Somehow, making someone's BMI 99.99 "ruins everything."
 
Sun, 22 Mar 2009 08:57:21
Haaa, now I can screw things over! Thanks
 
Sun, 22 Mar 2009 14:59:41
Coool! They should do this for ATMs
 
Mon, 23 Mar 2009 02:01:55
But bigger is better.