Authd allows attacker-controlled usernames to yield controllable UIDs
CVE description: Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. —– original report —–