A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.Referenceshttps://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt
