Plastic SCM version 10.0.16.5622 suffers from an insecure direct object reference vulnerability that lets an attacker set the administrative password. Continue reading...