You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/03/09 22:18:25 UTC

DO NOT REPLY [Bug 50905] New: Basic Auth password issue

https://issues.apache.org/bugzilla/show_bug.cgi?id=50905

           Summary: Basic Auth password issue
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: dcatrett@gmail.com


When using basic auth, if you take off the last character of the password, it
will still authenticate. ie. the last character of password is optional

I first discovered this error confirming that basic auth was working via lynx
and deleting the last character.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50905] Basic Auth password issue

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50905

--- Comment #1 from dcatrett@gmail.com 2011-03-09 16:20:58 EST ---
Example:
lynx -auth=foo_admin:foo_admi http://pxy01foo/blah
gives the same result as
lynx -auth=foo_admin:foo_admin http://pxy01foo/blah
where the login/pass is foo_admin/foo_admin

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 50905] Basic Auth password issue

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=50905

William A. Rowe Jr. <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #2 from William A. Rowe Jr. <wr...@apache.org> 2011-03-09 17:31:40 EST ---
Such behavior is by design, and is a side effect of your system crypt()
function, where only 8 characters are significant.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org