File access does not dependant on authentication, making it's possible to bypass authentication for file access.
CVE:
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.)
