When logging in with a username that does not exist, EteSync replies with "User not found", while it replies with "Wrong password for user." if the user exists, which allows an attacker to check if a certain user exists.