Please confirm if we should proceed with raising this request to the Joomla core team via their official GitHub issue tracker.

you just did

Ok. The request should be categorized as a Feature Request / Documentation Clarification, as this behavior appears to be by design rather than a functional bug.

Usernames are typically non case sensitive on all systems as otherwise it would be easy to impersonate another user

Agreed. Usernames are typically treated as non case-sensitive across most systems to prevent impersonation and to improve usability.

Our observation was mainly from a clarification and documentation perspective, as some enterprise systems and security audits expect this behavior to be explicitly stated. The intent was not to flag this as a defect, but to ensure the behavior is clearly understood and documented.

Based on this clarification, we can treat this as expected behavior and proceed only if a documentation note or optional configuration is deemed necessary.

i dont see the need to document something that is an industry wide standard

Understood. However, I would like to seek clarification with a real-world comparison.

In many banking and financial applications, if a user is registered with the username “mahesh”, logging in with “mahESH” or any other case variation is typically not allowed, as usernames are treated as case-sensitive for stricter identity validation.The intent here is not to challenge the implementation, but to understand how Joomla’s design aligns with systems that enforce stricter authentication policies.

In default installation username is case insensitive.

#__users table uses utf8mb4_unicode_ci where _ci stands for case insensitive.
It can be case sensitive only when administrator change collation manually to case sensitive.

Passwords is encrypted hash. The result is always case sensitive.