The host is installed with Apple Mac OS X Server before 10.6.3 and is prone to an username enumeration vulnerability. A flaw is present in the application, since it displays different responses to login attempts, depending on whether or not the username exists. Successful exploitation could allow remote attackers to discern valid usernames.