Cacti · Cacti · CVE-2022-48538
**Name of the Vulnerable Software and Affected Versions**
Cacti version 1.2.19
**Description**
The issue is an authentication bypass in the web login functionality of Cacti, caused by improper validation in the PHP code. Specifically, the `cacti_ldap_auth()` function allows a zero as the password, enabling a remote attacker to bypass the authentication procedure.
**Recommendations**
For Cacti version 1.2.19, consider disabling the `cacti_ldap_auth()` function until a patch is available to prevent exploitation of this issue.