A security vulnerability exists in ZOHO ManageEngine Password Manager Pro, a password manager from ZOHO USA, which stems from the fact that Zoho ManageEngine Password Manager Pro allows login/AjaxResponse.jsp?RequestType=GetUserDomainName & userName= Username enumeration, because the response (to a failed login request) is empty only when the username is invalid. An attacker could exploit this vulnerability to obtain sensitive information.