Hi there,
Disclosing that information weakens the security of the system, as it makes brute force login attacks easier. Without this info, an attacker needs to guess both the username and password, while with it she only needs to guess the password. I have not seen any system that discloses this by default in MANY years, so if there is a way, it's most likely only because someone deliberately enabled it. Examples of such tools include finger, telnet, and some FTP versions.
Regards,
Clifford
|