The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
This incorrect implementation may allow authentication to be bypassed.
CWE-1390
CVE-2003-0750
Conditional should have been an 'or' not an 'and'.