CVE-2020-25200

MEDIUM NUCLEI

Pritunl - Information Disclosure

Title source: rule

Description

Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design

Exploits (2)

nomisec WRITEUP 4 stars

by lukaszstu · poc

https://github.com/lukaszstu/pritunl-CVE-2020-25200

View Code ZIP pw:eip

gitlab SCANNER

by c2at3 · poc

https://gitlab.com/c2at3/cve-2020-25200

View Code ZIP pw:eip

Nuclei Templates (1)

Pritunl VPN Server 1.29.2145.25 - Username Enumeration

MEDIUMVERIFIEDby pussycat0x

Shodan: http.title:"pritunl"

FOFA: title="pritunl"

References (3)

[Exploit, Third Party Advisory] https://github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200

[Vendor Advisory] https://pritunl.com

[Vendor Advisory] https://pritunl.com/security

Scores

CVSS v3 5.3

EPSS 0.5739

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-203

Status published

Products (1)

pritunl/pritunl 1.29.2145.25

Published Oct 01, 2020

Tracked Since Feb 18, 2026