CVE-2024-37183

Plain text credentials and session ID can be captured with a network sniffer.