2 matches found
Pritunl VPN Server 1.29.2145.25 - Username Enumeration
Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint. id: CVE-2020-25200 info: name: Pritunl VPN Server 1.29.2145.25 - Usernam...
PT-2020-16013
Name of the Vulnerable Software and Affected Versions Pritunl version 1.29.2145.25 Description The issue allows attackers to enumerate valid VPN usernames via a series of "/auth/session" login attempts. Initially, the server returns error 401. However, if the username is valid, then after 20 logi...