Comment 6 for bug 596676

If I understand the bug correctly, that's only half the story.
Badlop give an example for an exploit on 15/May/09 (sic!) at https://support.process-one.net/browse/EJAB-930.
The restriction of a service - like the MUC-service in the example - is not a misconfiguration but can be set very deliberately.