authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.