httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46152] New: access allowed if password matches first seven characters of real password
Date Wed, 05 Nov 2008 13:56:24 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46152

           Summary: access allowed if password matches first seven
                    characters of real password
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_auth
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: pato_silva@esdebian.org


I created a site with access restricted by mod_auth_basic and created the
password file with "htpasswd -c /etc/apache2/.htpasswd user" with a password of
12 characters, and I realized that access is allowed when anyone introduce a
password and firsts seven characters match with the original password. 

Using encryption md5 ("htpasswd -cm /etc/apache2/.htpasswd user") that's not
happening but the documentation does not say md5 must be used to encrypt the
password. 

I do not know if the bug is in the module mod_auth or in the documentation.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message