rdiffweb is vulnerable to denial of service. The vulnerability exists because a fixed length has not been defined for username input parameters which allows an attacker to enter long string values that may result in memory consumption leading to a crash of the application.