Bug
Resolution: Done
Before reporting an issue
[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
organizations
Describe the bug
Hi,
This is a security issue using the Organization feature.
The issue is that if a user enters their email address, then the user's account name will be prefilled in the username/password form, as the entered email address is translated into an account name.
So one can document all the accounts by just knowing the email address.
Recommendation to fix this issue:
Don't visualize any data in the username/password form.
In our case the user's account name (username) is sensitive, so please don't expose any data other than what the user enters.
Version
26.4.5
Regression
[ ] The issue is a regression
Expected behavior
Don't expose any data other than what the user enters.
Actual behavior
The user's username is presented / exposed instead of what has been entered by the user.
How to Reproduce?
Enable the Organization feature.
Enter an email address.
The user's account name is presented and prefilled in the username/password form.
Anything else?
No response
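
A regression check for the behaviour reported above, as an added example that is not part of the original report or the project's code: it parses the form returned after the email step and flags any visible input that arrives prefilled with a value the user did not type. The form markup, field names, email address and account name are constructed for illustration.

```python
from html.parser import HTMLParser

# Input types that do not display identity data to the person at the keyboard.
IGNORED_TYPES = {"hidden", "password", "submit", "button", "checkbox"}


class _InputCollector(HTMLParser):
    """Collects name -> value for visible <input> elements that arrive prefilled."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.prefilled = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "text").lower() in IGNORED_TYPES:
            return
        value = a.get("value", "").strip()
        if value:
            self.prefilled[a.get("name") or a.get("id") or "?"] = value


def leaked_prefills(form_html, submitted_values):
    """Return prefilled fields whose value is not something the user typed."""
    collector = _InputCollector()
    collector.feed(form_html)
    # Compare case-insensitively: echoing the typed email in another case is not a leak.
    typed = {v.strip().casefold() for v in submitted_values}
    return {n: v for n, v in collector.prefilled.items() if v.casefold() not in typed}


# Constructed sample data (not taken from a real deployment).
SUBMITTED_EMAIL = "jane.doe@example.org"

# Shape of the reported behaviour: the email was translated into an account name.
OBSERVED_FORM = """<form method="post">
<input type="hidden" name="session_code" value="constructed-token">
<input id="username" name="username" type="text" value="jdoe-adm" />
<input id="password" name="password" type="password">
</form>"""

# Shape of the expected behaviour: only what the user entered is echoed back.
EXPECTED_FORM = OBSERVED_FORM.replace("jdoe-adm", "Jane.Doe@example.org")

if __name__ == "__main__":
    print("observed:", leaked_prefills(OBSERVED_FORM, [SUBMITTED_EMAIL]))
    print("expected:", leaked_prefills(EXPECTED_FORM, [SUBMITTED_EMAIL]))
```
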