https://issues.apache.org/bugzilla/show_bug.cgi?id=46152
Summary: access allowed if password matches first seven
characters of real password
Product: Apache httpd-2
Version: 2.2.3
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_auth
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
I created a site with access restricted by mod_auth_basic and created the
password file with "htpasswd -c /etc/apache2/.htpasswd user" with a password of
12 characters, and I realized that access is allowed when anyone introduce a
password and firsts seven characters match with the original password.
Using encryption md5 ("htpasswd -cm /etc/apache2/.htpasswd user") that's not
happening but the documentation does not say md5 must be used to encrypt the
password.
I do not know if the bug is in the module mod_auth or in the documentation.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
