I noticed i could add anything to my password(when using the webadmin), which is d2ac5wrk (dunno if that does anyhting for you), and it would allow me to enter. an example would be "d2ac5wrkofiabnsdoigbaosies" would let me enter where as "d2ac5wr" would not. Ever heard of this?
That's the limit of the DES algorithm used in crypt() function, only the first 8 characters of the password are used to generate the encrypted password, the rest are ignored.
I think Apache is the same, isn't it? :roll: