Limesurvey prior to 3.17.14 allows remote malicious users to bruteforce the login form and enumerate usernames when the LDAP authentication method is used.
limesurvey limesurvey