Server doesn't check authentication type choosen by client is allowed.
vulners.com/securityvulns/securityvulns:doc:12672
vulners.com/securityvulns/securityvulns:doc:13527
vulners.com/securityvulns/securityvulns:doc:13770