I am getting the same error as well. When I protect a directory, and I input the right password it will not let me in.
I looked in the .htaccess file and I found it puts in the following stanzas:
AuthName "Members Only"
<limit GET PUT POST>
That is not the right location for the .htpasswd file as per how the system saves it, ISPconfig actually places it in /var/www/webxx/user/username/.htpasswd
I corrected the location. It now actually takes the password, but I am presented with a 403 Forbidden Error when I try to login.
Also, when logging in through the web-ftp, if you don't choose the right domain name, and proceed to login and protect the directory, ISPconfig will save the AuthUserFile variable to match the wrong domain you chose.