Issue with AWS Sign-in IAM User Login Flow – Possible Username Enumeration (CVE-2025-0693)

A vulnerability, identified as CVE-2025-0693, was found in the AWS Identity and Access Management (AWS IAM) sign-in login flow. The issue allowed an actor to enumerate AWS IAM usernames by measuring server response times during login attempts: a failed login took a measurably different amount of time depending on whether the submitted IAM username existed in the account, so the timing alone revealed whether a username was valid.

Username information alone is not enough to authenticate to or access AWS resources. Full authentication, consisting of the account identifier, username, password and, where it is enabled, multi-factor authentication, is required to access an account. AWS also has multiple layers of protection to monitor and respond to potential misuse of sign-in endpoints.

The affected versions are the AWS Sign-in IAM User login flow prior to January 16, 2025.

AWS introduced a delay in response times across all authentication failure scenarios, so that a failed login no longer takes a different amount of time for a valid username than for an invalid one, which protects against valid username enumeration. No customer action is required. Customers can monitor sign-in activity, including failed console sign-in attempts, using AWS CloudTrail.

Rhino Security Labs collaborated on this issue through the coordinated vulnerability disclosure process.
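As an added example, not AWS code and not part of this bulletin, the following Python simulation shows the class of flaw described above and the class of fix AWS describes: a login handler that returns early for an unknown username fails much faster than one that has to check a password, and the hardened handler removes that signal by doing the same work on every path and padding every failure to a uniform minimum duration. The in-memory user store, the PBKDF2 password check, the usernames, the function names and the 0.25 second floor are all assumptions chosen for illustration; the real AWS sign-in back end is not public.

```python
"""
Timing-based username enumeration in a login flow, and the uniform-delay fix.

Hypothetical simulation (not AWS code): a toy user store with PBKDF2 password
hashes stands in for the real sign-in back end. The vulnerable handler returns
immediately when the username is unknown, so an unknown user fails much faster
than a known user with a wrong password. The hardened handler does the same
hashing work on every path and pads every failure to a fixed minimum duration.
"""
import hashlib
import hmac
import os
import statistics
import time

ITERATIONS = 20_000          # PBKDF2 cost; large enough that skipping it is measurable
MIN_FAILURE_SECONDS = 0.25   # assumed uniform floor for failed logins (illustrative value)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Fixed dummy credential: unknown usernames are verified against this so the
# work done is identical whether or not the username exists.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("dummy-password", _DUMMY_SALT)


class UserStore:
    """In-memory user database with a counter for expensive verifications."""

    def __init__(self):
        self._users = {}
        self.hash_calls = 0  # instrumentation only: how many PBKDF2 runs happened

    def add(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, hash_password(password, salt))

    def get(self, username: str):
        return self._users.get(username)


def login_vulnerable(store: UserStore, username: str, password: str) -> bool:
    """Early return for unknown users: the failure is fast, leaking non-existence."""
    record = store.get(username)
    if record is None:
        return False
    salt, expected = record
    store.hash_calls += 1
    return hmac.compare_digest(hash_password(password, salt), expected)


def login_hardened(store: UserStore, username: str, password: str,
                   min_seconds: float = MIN_FAILURE_SECONDS,
                   clock=time.perf_counter, sleep=time.sleep) -> bool:
    """Same hashing work on every path, and every failure padded to min_seconds.

    clock and sleep are injectable so the padding can be tested deterministically.
    """
    start = clock()
    record = store.get(username)
    known = record is not None
    salt, expected = record if known else (_DUMMY_SALT, _DUMMY_HASH)
    store.hash_calls += 1
    ok = hmac.compare_digest(hash_password(password, salt), expected) and known
    if not ok:
        remaining = min_seconds - (clock() - start)
        if remaining > 0:
            sleep(remaining)   # every failure lands at or after the floor
    return ok


def median_seconds(login, store: UserStore, username: str, password: str,
                   trials: int = 5) -> float:
    """What an attacker measures: median wall-clock time of a login attempt."""
    samples = []
    for _ in range(trials):
        t0 = time.perf_counter()
        login(store, username, password)
        samples.append(time.perf_counter() - t0)
    return statistics.median(samples)


if __name__ == "__main__":
    store = UserStore()
    store.add("alice", "correct horse battery staple")   # constructed sample user
    for name, login in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        known = median_seconds(login, store, "alice", "wrong-password")
        unknown = median_seconds(login, store, "mallory", "wrong-password")
        print(f"{name:10s} known-user failure: {known:.4f}s  unknown-user failure: {unknown:.4f}s")
```

Running the script shows the vulnerable handler rejecting the unknown user in microseconds while the known user with a wrong password costs a full PBKDF2 run, which is exactly the difference an attacker measures. The hardened handler makes both failures cost one hash plus padding to the floor. The floor only works if it is longer than the slowest legitimate failure path, and padding failures does not remove the need for the monitoring and rate limiting the bulletin mentions, since network jitter reduces but does not eliminate a timing signal that is not fully equalised.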