During access via SSL user's password is not verified.
vulners.com/securityvulns/securityvulns:doc:3405