Exploit:

   Try 'rsh victimhost -l realuser ls' and
       'rsh victimhost -l nosuchuser ls'.
   The error reported is different.

   Therefore, it's possible to determine which account
   names are valid.