Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."
https://exchange.xforce.ibmcloud.com/vulnerabilities/30762
http://www.vupen.com/english/advisories/2006/4878
http://www.securityfocus.com/bid/21460