Avoiding User Enumeration

If an attacker can probe your site to test whether a username exists, it gives them a leg up in trying to hack your users’ accounts.

Risks

Prevalence: Common
Exploitability: Easy
Impact: Worrying

Allowing enumeration of usernames is not a vulnerability in itself, but in tandem with other types of vulnerabilities – like the ability to brute-force login – it will compromise the security of your users.