Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new".