Severity: Critical
CVSS Score: 9.8
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.