authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/67082
http://www.securityfocus.com/bid/47572