diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java
index 862d3bd7605..2f86d7554e0 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/security/Credential.java
@@ -105,7 +105,7 @@ public abstract class Credential implements Serializable
         int l1 = known.length();
         int l2 = unknown.length();
         for (int i = 0; i < l2; ++i)
-            result &= known.charAt(i%l1) == unknown.charAt(i);
+            result &= ((l1==0)?unknown.charAt(l2-i-1):known.charAt(i%l1)) == unknown.charAt(i);
         return result && l1 == l2;
     }
 
@@ -127,7 +127,7 @@ public abstract class Credential implements Serializable
         int l1 = known.length;
         int l2 = unknown.length;
         for (int i = 0; i < l2; ++i)
-            result &= known[i%l1] == unknown[i];
+            result &= ((l1==0)?unknown[l2-i-1]:known[i%l1]) == unknown[i];
         return result && l1 == l2;
     }
 
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/security/CredentialTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/security/CredentialTest.java
index a8aac3dbc48..5ea977f104a 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/security/CredentialTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/security/CredentialTest.java
@@ -20,13 +20,13 @@
 package org.eclipse.jetty.util.security;
 
 
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
 import org.eclipse.jetty.util.security.Credential.Crypt;
 import org.eclipse.jetty.util.security.Credential.MD5;
 import org.junit.jupiter.api.Test;
 
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
 
 /**
  * CredentialTest
@@ -94,4 +94,20 @@ public class CredentialTest
         assertFalse(Credential.byteEquals("foo".getBytes(),"fo".getBytes()));
         assertFalse(Credential.byteEquals("foo".getBytes(),"bar".getBytes()));
     }
+
+    @Test
+    public void testEmptyString()
+    {
+        assertFalse(Credential.stringEquals("fooo",""));
+        assertFalse(Credential.stringEquals("","fooo"));
+        assertTrue(Credential.stringEquals("",""));
+    }
+
+    @Test
+    public void testEmptyBytes()
+    {
+        assertFalse(Credential.byteEquals("fooo".getBytes(),"".getBytes()));
+        assertFalse(Credential.byteEquals("".getBytes(),"fooo".getBytes()));
+        assertTrue(Credential.byteEquals("".getBytes(),"".getBytes()));
+    }
 }
diff --git a/pom.xml b/pom.xml
index 28661b25699..c5fbf928662 100644
--- a/pom.xml
+++ b/pom.xml
@@ -509,63 +509,6 @@
               <link>http://docs.oracle.com/javase/8/docs/api/</link>
               <link>http://docs.oracle.com/javaee/7/api/</link>
             </links>
-            <tags>
-              <tag>
-                <name>org.apache.xbean.XBean</name>
-                <placement>X</placement>
-                <head />
-              </tag>
-              <tag>
-                <name>phase</name>
-                <placement>t</placement>
-                <head>Phase:</head>
-              </tag>
-              <tag>
-                <name>goal</name>
-                <placement>t</placement>
-                <head>Goal:</head>
-              </tag>
-              <tag>
-                <name>description</name>
-                <placement>a</placement>
-                <head>Description:</head>
-              </tag>
-              <tag>
-                <name>parameter</name>
-                <placement>f</placement>
-                <head>Parameter:</head>
-              </tag>
-              <tag>
-                <name>required</name>
-                <placement>f</placement>
-                <head>Required:</head>
-              </tag>
-              <tag>
-                <name>readonly</name>
-                <placement>f</placement>
-                <head>Read-Only:</head>
-              </tag>
-              <tag>
-                <name>execute</name>
-                <placement>X</placement>
-                <head />
-              </tag>
-              <tag>
-                <name>requiresDependencyResolution</name>
-                <placement>X</placement>
-                <head />
-              </tag>
-              <tag>
-                <name>requiresProject</name>
-                <placement>X</placement>
-                <head />
-              </tag>
-              <tag>
-                <name>threadSafe</name>
-                <placement>X</placement>
-                <head />
-              </tag>
-            </tags>
           </configuration>
         </plugin>
         <plugin>