By adding additional / after hostname in Web access URL it's possible to bypass authentication.
vulners.com/securityvulns/securityvulns:doc:4597