>Number: 4423 >Category: mod_auth-any >Synopsis: Only first eight characters of password are used >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sun May 16 20:40:00 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.6 Win32 >Environment: NT 4.0 sp3 server / Netscape 4.05 client >Description: Possibly the same cause as PR#3389.
Using htpasswd md5 under win32 1.3.6 with password length greater than 8 characters. If the full password is typed in the server errors with password mismatch. If the first eight characters are typed then server authenticates OK. Works as expected for passwords <= 8 characters. >How-To-Repeat: Intranet. Sorry. >Fix: Workaround. Restrict passwords to 8 chars or less. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
