The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.
https://exchange.xforce.ibmcloud.com/vulnerabilities/24706
http://www.securityfocus.com/bid/16579
http://www.debian.org/security/2006/dsa-967
http://secunia.com/advisories/18783