[*] Testing GET /api/v1/credential/users (no auth)...
    Status: 200
    Response: {"status": {}, "usernames": ["root", "admin", "attacker_user"]}

[VULNERABILITY CONFIRMED] REST API accessible without auth!
    -> User list leaked without authentication