Patient Record Management System version 1.0 suffers from an authentication bypass vulnerability during account recovery.