Yeah, I'm still not convinced this is actually exploitable, even by accident. It looks like the buggy user mapping would always end up in accidental access denying rather than accidental access allowance...
Alvaro: could you describe a scenario where this bug can be exploited for profit by an attacker ?
Yeah, I'm still not convinced this is actually exploitable, even by accident. It looks like the buggy user mapping would always end up in accidental access denying rather than accidental access allowance...
Alvaro: could you describe a scenario where this bug can be exploited for profit by an attacker ?