Summary
The remote pCOWeb is prone to a default account authentication bypass vulnerability. This issue may be exploited by a remote attacker to gain access to sensitive information or modify system configuration.
It was possible to login as user 'http' with no password.
Solution (workaround):
Login with telnet and set a password or change the shell from '/bin/bash' to '/bin/nologin'.
References
