Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.