The container sub-directory is protected with HTTP Authentication, username fire and password fox and the point is to provide somewhere to demo this bug.