We're updating the issue view to help you get more done. 

remote user enumeration

Description

During the initial handshake, the server replies immediately to the incorrect user name with "Access denied". But if the user name is correct, but the authentication mechanism is not - like a short scramble, when a long one is needed, or a plugin should be used - the server might reply "try different auth plugin (or scamble length)".

This allows to detect what user accounts exists in the server.

Environment

None

Status

Assignee

Sergei Golubchik

Reporter

Sergei Golubchik

Labels

None

External issue ID

None

External issue ID

None

Fix versions

Affects versions

5.2.13
5.5.28a
5.1.66
5.3.11

Priority

Major