rdiffweb is vulnerable to authentication bypass. The vulnerability exists because the validate_password
function of page_admin.py
does not properly validate the password score, allowing an attacker to bypass the application logic to set a blank password.