os-windows/4425: htpasswd generates inaccessible passwords

[Aaron Seet <bl...@rocketmail.com>]

>Number:         4425
>Category:       os-windows
>Synopsis:       htpasswd generates inaccessible passwords
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun May 16 22:10:00 PDT 1999
>Last-Modified:
>Originator:     bloodstorm@rocketmail.com
>Organization:
apache
>Release:        1.3.6
>Environment:
Windows 98
>Description:
i set a htaccess file with require set to valid-user.  the AuthUserFile is wwwaccess, located at the same dir.
using htpasswd i create a user called guest.  password is also guest.  this is the output to the file :
guest:$apr1$/z/.....$md7rl.1tKiSqPPW.r2lnJ.

i didn't know the password 'guest' can create such a long string.  anyway, I try to login using guest but the authentication fails.  i tried other passwds, other users, all fail.
>How-To-Repeat:
juz run htpasswd -c <passwd file> <user name>
>Fix:
no idea wat kinda encryption u use
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]