Netsparker identified a Windows username disclosure in the error message.
An attacker can perform brute-force or dictionary-based password guessing on the disclosed username. It may also help the attacker identify other vulnerabilities or further their exploitation of other identified vulnerabilities.
Error messages should be disabled.
Remove this kind of sensitive data from the output.