If you're using Access Control based on Authentication on your Webserver (often known as htpasswd, Basic Authentiaction, password protected directory or similar), WordPress is not able to handle it for Flash Uploader, Cron and XMLRPC. Related files need to be excluded to work. Keep in mind that this might break your security considerations.
# Exclude the file upload and WP CRON scripts from authentication <FilesMatch "(async-upload\.php|wp-cron\.php|xmlrpc\.php)$"> Satisfy Any Order allow,deny Allow from all Deny from none </FilesMatch>
Some alternatives might be considerable: