There are existing tools like snmpv3enum.rb and snmpwn which are able to list valid v3 users with SNMP++, so in the end only the password has to be guessed by brutforce, which is much easier than guessing the username additionally.
Is there a way to fix this weakness in SNMP++?
This question is not related to SNMP++, as SNMP++ is a SNMP protocol API and not an command responder application API/implementation. So, you mean probably AGENT++ instead.
With AGENT++ you can simply configure your VACM to not allow noAuthNoPriv access at all to your agent/command responder. That’s all.
In any case, hiding the user-names is not a real protection, because the entropy of usernames is anyway much worse than those of good passwords (hashes).
Thanks for the hint with blocking noAuthNoPriv, with that the script can’t enumerate users anymore.