If it used one of the standard system APIs for looking up user accounts (e.g. getpwnam(3)), there's no way it can happen.
This is incredibly bad engineering, on level of a SQL injection, in 21st century. Something a highschool student experimenting with scripting could come up with, but not a supposedly professional software company.
If it used one of the standard system APIs for looking up user accounts (e.g. getpwnam(3)), there's no way it can happen.
This is incredibly bad engineering, on level of a SQL injection, in 21st century. Something a highschool student experimenting with scripting could come up with, but not a supposedly professional software company.