i had a zoom call with people to discuss a major vulnerability i found.
this sounds like a bug with your client rather than the server — as far as i can tell, i haven’t touched auth code in years
all i know is apparently i logged into an account with a password even though the account had no password assigned, and then you gave me a warning
that sounds more like the user configured their account wrong. right now its possible for someone to set their password to be blank (which is different from disabling password login).