Basic Auth. Password Matching
I discovered a feature or bug about basic authentication mechanism.
If the password matches the following regexp, and includes any
garbage characters at the end of its, server says OK.
our password is testing15, and the user enters testing15uaik it will
be sent HTTP 200 Ok.
I'm using Debian Sarge, Apache 2.0.54 (from apt repository), and
latest security updates applied.
Cafer 'cfb' Şimşek