The NT auth module in OpenAM prior to 14.6.6 allows a "replace Samba username attack."
openidentityplatform openam