Launchpad.net

CVE 2014-3781

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.

See the CVE page on Mitre.org for more details.