cve/CVE-2020-25200.md at c8268377e12b7a97083b480752a53e33e19cac75

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design.

POC

Reference

No PoCs from references.

Github

https://github.com/0xT11/CVE-POC
https://github.com/developer3000S/PoC-in-GitHub
https://github.com/hectorgie/PoC-in-GitHub
https://github.com/lukaszstu/pritunl-CVE-2020-25200
https://github.com/nomi-sec/PoC-in-GitHub

1.1 KiB Raw Blame History

CVE-2020-25200

Description

POC

Reference

Github

1.1 KiB

Raw Blame History