It's possible to lock user's account if user's password is stored as NT-hash via HTTP proxy. Service restart or configuration reload is required to restore account in working state. In addition, Basic authentication is offered as first authentication protocol, it can lead to shoosing weak (cleartext) authentication protocol even if stronger one (NTLM) supported. Vulnerability is fixed in 0.5.3 version.