A low privileged remote attacker may have access to forbidden diagnostic data due to incorrect permission assignment for critical resource.