Gregory's ServerYikes.. 2019 even.. Reminds me of discovering something i called super-root that allowed any monitored system to gain full read write and execute privileges on everything else monitored over the monitoring message bus via the local agent.
They used IP address for ID validation when validating source in an auth token, then just wrote a bypass to ignore that when they needed to make monitoring work across NAT. It took years to beat a proper fix out of them.