Owl v0.71, the multi user document repository, fails to actually authenticate a login name given. If a completely fake login name is passed, an attacker can get in without any valid session id.
03f9bd851bb279e45b8bb81e862206499d29b6ff1c7a2b6bf67e4d7c8450af8f