BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.Referenceshttp://secunia.com/advisories/13302http://www.securityfocus.com/bid/11650http://www.osvdb.org/12144http://www.gotbnc.com/changes.html#2.9.1https://exchange.xforce.ibmcloud.com/vulnerabilities/18103
