ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.