CVE-2018-20170

** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor feels that the benefit to changing this might be too small relative to the performance degradation.

Source: CVE-2018-20170