id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
119	http auth accepts any password with correct prefix	Martin Loehnertz	somebody	"Http auth accepts any additional suffix to the correct password.
So if the password is ""password"" then ""passwordfoobar"" is accepted too.

"	defect	closed	minor		nginx-module	1.0.x	invalid			Linux xxxx 2.6.32-6-pve #1 SMP Fri Nov 4 06:54:05 CET 2011 i686 GNU/Linux	"nginx version: nginx/1.0.12
built by gcc 4.4.5 (Debian 4.4.5-8)
TLS SNI support enabled
configure arguments: --without-http_fastcgi_module --without-http_geo_module --without-http_memcached_module --without-http_scgi_module --without-http_uwsgi_module --with-http_ssl_module --with-ipv6 --user=www-data --group=www-data --without-http_limit_zone_module --without-http_referer_module --without-http_split_clients_module --without-http_ssi_module"