2008-03-05 23:00:00
mitre
PUBLISHED
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.