Critical auth bypass vulnerability in phpBB

I tested it myself, seems to reproduce on: 3.1.0-a1 to 3.3.16, 4.0.0-a1 / 4.0.0-a2. Fixed in 3.3.17 and in master.

Gives you auth + access to Moderation Control Panel (if the user is a moderator/admin). Does not give access to the Admin Control Panel though.