When you log into Windows Administration Console with a valid username and incorrect password, it displays an error indicating the password was wrong. This behavior can be used to create a list of valid users that may result in undesired information disclosure.
Perform the following steps to display a login failure message without revealing whether it was due to invalid username or incorrect password:
Open the iManager C:\Program Files (x86)\Novell\Tomcat\webapps\nps\WEB-INF\config.xml file.
Set the following to true:
<setting>
<name><![CDATA[Authenticate.Form.HideLoginFailReason]]></name>
<value><![CDATA[false]]></value>
</setting>