An issue exists in Joomla! 3.9.0 up to and including 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
joomla joomla\\!