CVE-2020-25200

Information Exposure in pypi/pritunl

Identifiers

CVE-2020-25200

Package Slug

pypi/pritunl

Vulnerability

Information Exposure

Description

Pritunl allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return err However, if the username is valid, then login attempts, the server will start responding with err Invalid usernames will receive err indefinitely.

Affected Versions

Version 1.29.2145.25

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-10-21

source