CVE-2020-25200: Information Exposure

October 1, 2020 (updated July 21, 2021)

Pritunl allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return err However, if the username is valid, then login attempts, the server will start responding with err Invalid usernames will receive err indefinitely.

References

nvd.nist.gov/vuln/detail/CVE-2020-25200
pritunl.com/
pritunl.com/security

Code Behaviors & Features

Detect and mitigate CVE-2020-25200 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →