It's possible to accesss configuration data including cleartext passwords without any authentication.
vulners.com/securityvulns/securityvulns:doc:7648