Glewlwyd is a server for single sign-on servers, OAuth2, OpenidConnect, multi-factor authentication, HOTP/TOTP, FIDO2, TLS certificates, etc. An access control vulnerability exists in Glewlwyd via a plug-in extension, which is related to the affected version logic judgment. An access control vulnerability exists in webservice.c due to additional control code. An attacker could use the vulnerability to obtain account information.