The big, bad bug of the week is called Zerologon. As you can probably tell from the name, it involves Windows – everone else talks about logging in, but on Windows you’ve always very definitely logged on – and it is an authentication bypass, because it lets you get away with using a zero-length password.

Read full article on Naked Security