Bug#539246: (no subject)

2009-07-30 Thread Alexander Over - Quadrat.4 Internet Dienstleistungen
forget it ... "When using the |crypt()| algorithm, note that only the first 8 characters of the password are used to form the password. If the supplied password is longer, the extra characters will be silently discarded."
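
The behaviour quoted above, as an added example that is not part of the original messages or of Apache's code: traditional DES crypt(3) builds its 56-bit key from the low 7 bits of the first 8 password bytes, so longer passwords collapse to the same key, and an htpasswd file can be audited for entries still stored in that format. The function names and the sample file are hypothetical; the hash strings are constructed placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, all from this alphabet.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def des_crypt_key(password: str) -> bytes:
    """Key material DES crypt(3) takes from a password: the low 7 bits of
    each of the first 8 bytes, zero-padded. Everything after byte 8 is ignored."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes(b & 0x7F for b in raw)


def classify_hash(hashed: str) -> str:
    """Name the htpasswd scheme from the stored hash's prefix or shape."""
    if hashed.startswith("$apr1$"):
        return "apr1-md5"
    if hashed.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if hashed.startswith("{SHA}"):
        return "sha1"
    if DES_CRYPT_RE.match(hashed):
        return "des-crypt"
    return "unknown"


def audit_htpasswd(text: str) -> list[str]:
    """Return the users whose entry is DES crypt (8-character limit applies)."""
    flagged = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hashed = line.split(":", 1)
        if classify_hash(hashed) == "des-crypt":
            flagged.append(user)
    return flagged


# Constructed sample htpasswd content (placeholder hashes).
SAMPLE = """\
alice:Qx3kT9vLm2aZc
bob:$apr1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
"""

if __name__ == "__main__":
    same = des_crypt_key("password1234") == des_crypt_key("password")
    print("12-char and 8-char password share a key:", same)
    print("entries to re-hash with a stronger scheme:", audit_htpasswd(SAMPLE))
```
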

Bug#539246: apache2: Incorrect password check with CRYPT

2009-07-29 Thread Alexander Over
Package: apache2.2-common
Version: 2.2.9-10+lenny4
Severity: grave
Tags: security
Justification: user security hole

If you create a User/Password combination with htpasswd using the default CRYPT encryption and a password with more than 8 chars, the Website still gets you access by typing in the