Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
http://www.securityfocus.com/bid/22889
http://www.securityfocus.com/archive/1/462375/100/0/threaded
http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965
http://securityreason.com/securityalert/2436