default misconfiguration which could allow remote users
to determine whether a give username exists on the vulnerable system