Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.