The web console login form returned two different errors for non-existent users and invalid password attempts, allowing an attacker to discover the names of valid user accounts.
This issue has been addressed in the following products: Red Hat Virtualization 4 for RHEL-7 Via RHSA-2018:1525 https://access.redhat.com/errata/RHSA-2018:1525