When using the internal user list for authentication, log in as an administrative user and create a user. Then delete the user, and create a new user with the same name (for a password reset for example). Now the user list shows two entries for that username. Repeat the delete and create, and now there are three entries, etc. The user can log in with the most recent password, but if the user was listed as an administrator, they will not have administrator privileges.
When using the internal user list for authentication, log in as an administrative user and create a user. Then delete the user, and create a new user with the same name (for a password reset for example). Now the user list shows two entries for that username. Repeat the delete and create, and now there are three entries, etc. The user can log in with the most recent password, but if the user was listed as an administrator, they will not have administrator privileges.