Name of the Vulnerable Software and Affected Versions: ezplatform-rest versions prior to 1.3.8

Description: The issue allows users to authenticate even with a disabled user account, posing a high risk when account disabling is used to block access. This can be exploited by users who had an account, but not by those who never had one. The estimated number of potentially affected devices is not specified.

Recommendations: For versions prior to 1.3.8, update to ezsystems/ezplatform-rest v1.3.8 to ensure tokens are generated only for enabled user accounts.