Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
https://exchange.xforce.ibmcloud.com/vulnerabilities/55871
http://www.securityfocus.com/bid/37949
http://sitracker.org/wiki/ReleaseNotes351
http://sitracker.org/forum/viewtopic.php?f=4&t=1416979&p=2292