User enumeration at login
Created by: xTibor
The login program is vulnerable to user enumeration. It only asks for a password and does a timeout when the specified user account exists, thus allowing malicious actors to brute force the possible users at a rate of hundreds of usernames per second (when login asks for a password = valid user on the system).
Possible fix: Ask for a password and do a timeout even if the specified user doesn't exist.
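The reported behaviour next to the proposed fix, as an added sketch that is not the project's own code. The account store, `FAIL_DELAY` and all function names are assumptions made for illustration; a real program would pass `getpass.getpass` and `time.sleep` as the two callbacks.

```python
import hashlib
import hmac
import os

FAIL_DELAY = 2.0  # seconds to stall after a failed attempt (assumed value)

def _hash(password, salt):
    # Iteration count kept small so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

USERS = {"alice": _record("correct horse")}  # constructed sample account
DUMMY = _record(os.urandom(16).hex())        # checked when the user is unknown

def login_vulnerable(user, ask_password, sleep):
    """Behaviour from the report: prompt and delay only for existing users."""
    if user not in USERS:
        return False  # instant answer, no prompt: reveals the name is invalid
    salt, stored = USERS[user]
    ok = hmac.compare_digest(_hash(ask_password(), salt), stored)
    if not ok:
        sleep(FAIL_DELAY)
    return ok

def login_hardened(user, ask_password, sleep):
    """Proposed fix: same prompt, same hashing work, same delay for any name."""
    record = USERS.get(user)
    salt, stored = record or DUMMY
    matches = hmac.compare_digest(_hash(ask_password(), salt), stored)
    ok = matches and record is not None
    if not ok:
        sleep(FAIL_DELAY)
    return ok

def observe(login, user, password):
    """Run one attempt and record what a client on the terminal can see."""
    seen = []
    def ask():
        seen.append("prompt")
        return password
    ok = login(user, ask, lambda seconds: seen.append("delay"))
    return ok, seen

if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        for name in ("alice", "nobody"):
            print(fn.__name__, name, observe(fn, name, "wrong guess"))
```

The hardened path also hashes against a dummy record for unknown names, so the time spent before the delay does not separate the two cases either.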