You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Aaron Seet <bl...@rocketmail.com> on 1999/05/17 07:05:20 UTC
os-windows/4425: htpasswd generates inaccessible passwords
>Number: 4425
>Category: os-windows
>Synopsis: htpasswd generates inaccessible passwords
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sun May 16 22:10:00 PDT 1999
>Last-Modified:
>Originator: bloodstorm@rocketmail.com
>Organization:
apache
>Release: 1.3.6
>Environment:
Windows 98
>Description:
i set a htaccess file with require set to valid-user. the AuthUserFile is wwwaccess, located at the same dir.
using htpasswd i create a user called guest. password is also guest. this is the output to the file :
guest:$apr1$/z/.....$md7rl.1tKiSqPPW.r2lnJ.
i didn't know the password 'guest' can create such a long string. anyway, I try to login using guest but the authentication fails. i tried other passwds, other users, all fail.
>How-To-Repeat:
juz run htpasswd -c <passwd file> <user name>
>Fix:
no idea wat kinda encryption u use
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]