There is no issue. Length extension requires the full (or as close to full as to make no difference) output of the hash function.
The problem with hash functions like SHA1,2 and MD5 is that their output represents their entire internal state.
In this case let's say an attacker recovered the password for door 1. They can then compute what the passwords associated with Door's whose number starts with 1.
As the password is substantially truncated, this does not represent the final state of the hash, and the attack is not useful.
That aside, this still suffers from weak key derivation, allowing a more direct bruteforce attack, as others have mentioned.
The problem with hash functions like SHA1,2 and MD5 is that their output represents their entire internal state.
In this case let's say an attacker recovered the password for door 1. They can then compute what the passwords associated with Door's whose number starts with 1.
As the password is substantially truncated, this does not represent the final state of the hash, and the attack is not useful.
That aside, this still suffers from weak key derivation, allowing a more direct bruteforce attack, as others have mentioned.