CVE-2008-2329
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
Date published : 2008-09-16
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html