>Number: 4425 >Category: os-windows >Synopsis: htpasswd generates inaccessible passwords >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sun May 16 22:10:00 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.6 >Environment: Windows 98 >Description: i set a htaccess file with require set to valid-user. the AuthUserFile is wwwaccess, located at the same dir. using htpasswd i create a user called guest. password is also guest. this is the output to the file : guest:$apr1$/z/.....$md7rl.1tKiSqPPW.r2lnJ.
i didn't know the password 'guest' can create such a long string. anyway, I try to login using guest but the authentication fails. i tried other passwds, other users, all fail. >How-To-Repeat: juz run htpasswd -c <passwd file> <user name> >Fix: no idea wat kinda encryption u use >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
