BlogEngine.NET 1.3 has a serious security flaw which allows an attacker to view login usernames and passwords.