5 matches found
CVE-2022-25372
CVE-2022-25372 – Pritunl Client (Windows): Local privilege escalation in Pritunl Client up to version 1.2.3019.52 due to a missing privilege restriction for CREATOR OWNER in platform_windows.go. This allows a local attacker to elevate privileges on the host. Connected sources confirm the issue a...
Design/Logic Flaw
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames wil...
CVE-2020-25200
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames wil...
CVE-2020-25200
Pritunl VPN Server 1.29.2145.25 contains a username enumeration flaw in the /auth/session login endpoint. The issue arises from distinct error responses (401 vs. 400 after 20 valid usernames), enabling an attacker to verify valid usernames over the network. Affected component: /auth/session authe...
CVE-2016-7064
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage...