A critical Apache StreamPipes vulnerability lets users hijack admin accounts via broken authentication.