[原文]TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
TikiWiki contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered due to the 'remember me' feature, which could allow a remote attacker to login with a valid username and no or any password resulting in a loss of confidentiality.
Upgrade to version 1.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.