I believe I was thinking that an authenticated user would be able to guess easier than a remote non-authenticated user. I'm fine with classifying this as C1 since it really does depend on UUID guessing.
I believe I was thinking that an authenticated user would be able to guess easier than a remote non-authenticated user. I'm fine with classifying this as C1 since it really does depend on UUID guessing.