← volver
CVE-2020-25200

CVE-2020-25200

EPSS 7.5%
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 7.5%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
01 oct 2020Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design
Productos afectados
n/a · n/a