laravel/framework is vulnerable to Timing Attacks. The vulnerability exists in the hasValidCredentials
function of SessionGuard.php
due to the fact that a successful login request takes more time then a unsuccessful request due to HTTP/2 multiplexing, which allows an attacker to enumerate users via a timeless timing attack.