CVE-2008-1166
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
Date published : 2008-03-05
http://www.securityfocus.com/archive/1/489020/100/0/threaded