diff --git a/include/Webservices/Login.php b/include/Webservices/Login.php
index 0d62473bf62ae4581b25059bdfe7515a60317a00..e31bd05a21cb7955350adb7ed37b54d78bc4560d 100644
--- a/include/Webservices/Login.php
+++ b/include/Webservices/Login.php
@@ -31,7 +31,9 @@
 		if($user->status != 'Inactive'){
 			return $user;
 		}
-		throw new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,'Given user is inactive');
+		// Finer exception message could be handy to enumeration attacks - so normalize it. 
+		//throw new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,'Given user is inactive');
+		throw new WebServiceException(WebServiceErrorCode::$INVALIDUSERPWD,"Invalid username or password");
 	}
 	
 	function vtws_getActiveToken($userId){
@@ -60,4 +62,4 @@
 		return null;
 	}
 	
-?>
\ No newline at end of file
+?>