I have noticed that I get different login errors depending on if a valid user name exists in the back end LDAP database. If I enter a valid user name and a bad password I see "Invalid Credentials", if I enter an invalid user name I get "You must specify a valid username and password". This would allow someone to run a pretty simple brute force login attack to generate a list of all users in a LDAP database. Is there a way to generate the same error message for any type of failure? I am running SugarCE-Full-5.0.0g on Red Hat 5.