It's possible to bypass authentication process by sequence of specially crafted RPC calls.
vulners.com/securityvulns/securityvulns:doc:5119
vulners.com/securityvulns/securityvulns:doc:5129