What is CVE-2020-25200?

CVE-2020-25200 is a vulnerability in N/a. Published 2020-10-01.

Is CVE-2020-25200 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-25200

Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server w…

EPSS: 0.730 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

lukaszstu/pritunl-CVE-2020-25200
0xT11/CVE-POC
20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection
developer3000S/PoC-in-GitHub
hectorgie/PoC-in-GitHub
nomi-sec/PoC-in-GitHub

References

pritunl.com (x_refsource_MISC)
pritunl.com/security (x_refsource_MISC)
github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-25200?: CVE-2020-25200 is a vulnerability in N/a. Published 2020-10-01.
Is CVE-2020-25200 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.