An insufficient configuration of the service allows an extension of the rights on the system level.