The software performs authentication based on the name of a
					resource being accessed, or the name of the actor performing the access, but it
					does not properly check all possible names for that resource or
					actor.