Multiple proof-of-concept exploits emerged quickly after an authentication-bypass flaw was made public, and at least one researcher says the vulnerability had already been exploited in the wild for a month before disclosure — suggesting attackers had a significant head start.