nevisAuth versions since 4.13.0.0 (2012-11-21) and prior to 4.18.3.1 (2015-07-02) suffer from an authentication bypass vulnerability.