After authentication user is redirected to dynamic port. Authentication is perfomed only by target port and client IP address.
vulners.com/securityvulns/securityvulns:doc:13295