piranha is vulnerable to authentication bypass. The Piranha Configuration Tool did not properly restrict access to its web pages, allowing a remote attacker to connect to the web server port to read or modify LVS configuration without valid credentials and a valid session identifier.