A 10-year-old authentication bypass vulnerability in phpBB lets attackers log in as any user, including admins, with a single HTTP request. The flaw impacts versions 3.3.16 and below and 4.0.0-a2. phpBB fixed it in version 3.3.17 on June 6. No fix exists yet for the 4.x branch.