The vulnerability is best illustrated by the fact that a remote attacker can log on to the system with the administrator username, without knowing the password, by entering the following information in the logon screen:
Email: admin Password: 'or''='
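Why that password value is accepted, shown as an added example that is not DeskPRO's code (the advisory does not show the product's query): it assumes the login check is built by string concatenation and uses a constructed in-memory SQLite table with hypothetical table, column and function names, next to the parameterized form that rejects the same input.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    # Plaintext passwords only keep the example short; store salted hashes in practice.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "S3cret-admin-pw"), ("alice", "alice-pw")])
    return db

def build_vulnerable_query(email, password):
    # Vulnerable pattern: input is pasted between the quotes of a SQL string literal.
    return ("SELECT email FROM users WHERE email = '" + email +
            "' AND password = '" + password + "'")

def login_vulnerable(db, email, password):
    # A row comes back whenever the WHERE clause is true for any record.
    return db.execute(build_vulnerable_query(email, password)).fetchone() is not None

def login_parameterized(db, email, password):
    # Hardened form: placeholders bind input as data, so its quotes never reach the parser.
    row = db.execute("SELECT email FROM users WHERE email = ? AND password = ?",
                     (email, password)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    payload = "'or''='"  # the password value quoted in the advisory
    print(build_vulnerable_query("admin", payload))
    print("vulnerable   :", login_vulnerable(db, "admin", payload))
    print("parameterized:", login_parameterized(db, "admin", payload))
```

The concatenated WHERE clause ends in `password = ''or''=''`; because AND binds tighter than OR, the always-true comparison `''=''` decides the result regardless of the stored password.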
On the 21st of Sep 2003 this issue was reported to DeskPRO, and the following reply was received on the same day: "Thank you for the notification, we will have a fix within 24 hours. We appreciate keeping the information out of the public domain until we have had time to fix and release a patch."
On the 2nd of Oct 2003, after the majority of their customers had patched the issue, we decided to release this advisory.