Mac OS X 10.11.6
MacBook Pro (Retina, 15-inch, Mid 2015)
CPU 2.5 GHz Intel Core i7
RAM 16 GB 1600 MHz DDR3
An unauthorised user should not be able to obtain any information from the debugger.
What actually happens:
The debugger reveals the call stack to an unauthorised user.
Using FMPA, open the debugger and then run a script. In my testing I was attempting to view the login process. So, with the file closed I opened the debugger window. Then I opened the file.
In the first instance I tried to login using an account which was not in the file. The script debugger does not reveal anything to the user.
In the second instance I used a valid account which did not have full access privileges. When I do this the script debugger begins to leak information. I am able to see the names of the scripts being used in the file open sequence.