Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.Referenceshttp://support.citrix.com/article/CTX200285http://www.securityfocus.com/archive/1/534176/100/0/threaded
