OWASP CVEs for Broken Authentication in 1992