ASP-Nuke RC2 and previous versions allows remote malicious users to list all logged-in users by submitting an invalid "pseudo" cookie.
asp-nuke asp-nuke rc2
asp-nuke asp-nuke rc1