The system is invulnerable if a message of 'Password is not entered' or a message in the system is shown for each pattern of http://xxx.xxx.xxx/login.asp?id='-- .