BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote malicious users to use the functionality intended for authorized users.
bnc bnc 2.9.0