rdiffweb is vulnerable to Information Disclosure. The vulnerability exists in set_password
method in store.py
where a remote unauthenticated attacker is able to gain access to sensitive user information through the default error page due to insufficient checks.