new gui logon displays usernames as red or green - is this secure?
While trying out the new gui at logon ("Demo our upcoming UI!"), I noticed that the username box change color from blue to either green or red depending on what username I put in. I don't know if this is an intended feature or not, but I wonder if this gives away information to a potential attacker?
I say this because if I put in a random name: batman, mary.poppins, nebuchadnezzar, ... the username box will stay green, allowing me to put in a password and click the "Sign In" button. Which of course doesn't work, because none of those accounts exist on the box. Which is fine. But, if I put in the name of a non-built-in-user that I know won't be able to logon (re: https://bugs.freenas.org/issues/23853), the username box appears as red.
Ok, sure, the account can't logon, but an attacker may now have knowledge of a username on the system which can potentially be exploited by other means.
Maybe this is intended, and I'm just missing the point, but if not, perhaps that can change?