Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-25200

EPSS 57.39% · P98
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-25200

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
pritunl 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
pritunl是个人开发者的一款基于Open VPN协议的分布式企业vpn服务。该产品提供可视化的Vpn连接状态。 Pritunl 1.29.2145.25 版本存在信息泄露漏洞,攻击者可利用该漏洞通过一系列/认证/会话登录尝试来枚举有效的VPN用户名。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-25200

#POC DescriptionSource LinkShenlong Link
1pritunl-CVE-2020-25200https://github.com/lukaszstu/pritunl-CVE-2020-25200POC Details
2Pritunl 1.29.2145.25 contains a username enumeration issue caused by different error responses in /auth/session login attempts, letting attackers verify valid usernames, exploit requires network access to the login endpoint. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-25200.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-25200

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-10-01 · 22 CVEs total

CVE-2020-14223HCL Digital Experience 跨站脚本漏洞
CVE-2020-24861GetSimple CMS 跨站脚本漏洞
CVE-2020-24860CMS Made Simple 跨站脚本漏洞
CVE-2020-25990WebsiteBaker SQL注入漏洞
CVE-2020-24620Unisys Stealth(core) 信任管理问题漏洞
CVE-2020-16844Istio 安全漏洞
CVE-2020-25017Envoy 安全漏洞
CVE-2020-25018Envoy 安全漏洞
CVE-2019-19393Rittal CMC PU III 跨站脚本漏洞
CVE-2020-15533Zoho ManageEngine Application Manager SQL注入漏洞
CVE-2020-11979Apache Ant 安全漏洞
CVE-2020-9491Apache NiFi 加密问题漏洞
CVE-2020-5784Teltonika firmware 代码问题漏洞
CVE-2020-5789Teltonika firmware 路径遍历漏洞
CVE-2020-5786Teltonika firmware 跨站请求伪造漏洞
CVE-2020-5785Teltonika firmware 跨站脚本漏洞
CVE-2020-5787Teltonika firmware 路径遍历漏洞
CVE-2020-5788Teltonika firmware 路径遍历漏洞
CVE-2020-9486Apache NiFi 日志信息泄露漏洞
CVE-2020-9487Apache NiFi 访问控制错误漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-25200

No comments yet

Leave a comment