Here is the hotfix file, which I shall be posting on the portal page in a few minutes, simply extract the auth.php file from the archive and replace the hcl/class/auth.php on your webserver.
NOTE: This hotfix is untested at this time, and while it should cause no problems, there may be issues with it.
Frankly the fix involved adding one line to the auth.php code, a simple exit statement appears to have been missing. Please, if your using 2.1.2, 2.1.3, 2.1.3a, or 2.1.4, replace the auth.php with the one attached to this message.
Again, remember, if you spot even a suspected vulnerability, please at least PM me a message about it, or post on the forums here. I'd rather chase a few wild geese then have even on vulnerability out in the wild.
Edit: Doh, I forgot to add the file...