CVE-2020-25200
pypi/pritunl
Information Exposure
Pritunl allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return err However, if the username is valid, then login attempts, the server will start responding with err Invalid usernames will receive err indefinitely.
Version 1.29.2145.25
Unfortunately, there is no solution available yet.
2020-10-21