Observable Response Discrepancy in Flask-AppBuilder

User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in...

Dropbear SSH server timing attacks

Different timings for existent and nonexistent users...