Back to search
CVE-2020-25200
Published: Oct 1, 2020
Modified: Nov 18, 2024
PUBLISHED
Description
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://pritunl.com
x_refsource_MISC
https://pritunl.com/security
x_refsource_MISC
https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now