CVE-2023-32302 — Improper Input Validation in Framework
Severity: LOW
Vector: No vector
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 31
Description
Silverstripe Framework: Members with no password can be created and bypass custom login forms
When a new `Member` record was created in the CMS, it was possible to set a blank password. If an attacker knows the email address of the user with the blank password, they can attempt to log in using an empty password. The default member authenticator, login form and basic auth all require a non-empty password; however, if a custom authentication method is used, it may allow a successful login with t…