Medium severity 5.3 · NVD Advisory · Published Oct 1, 2020 · Updated Jun 17, 2026
CVE-2020-25200
Description
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. Note: This has been disputed by the vendor as not a vulnerability. They argue that this is an intended design.
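One way to detect the behaviour described above in authentication logs, added here as an example (it is not code from Pritunl or from the advisory): it flags sources that send 20 or more failed /auth/session logins for a single username and marks the usernames whose responses changed from 401 to 400. The log line format, the function names and the sample records are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example, not Pritunl's own):
#   <timestamp> <source-ip> POST /auth/session user=<name> status=<code>
LINE_RE = re.compile(
    r"^\S+ (?P<src>\S+) POST /auth/session user=(?P<user>\S+) status=(?P<status>\d{3})$"
)
THRESHOLD = 20  # per the description: a valid username gets 400 after 20 attempts


def build_sample():
    """Constructed records: one source hammers two names, another mistypes once."""
    def rec(sec, src, user, status):
        return f"2020-09-01T10:00:{sec:02d}Z {src} POST /auth/session user={user} status={status}"
    lines = [rec(i, "203.0.113.7", "alice", 401 if i < 20 else 400) for i in range(25)]
    lines += [rec(i + 25, "203.0.113.7", "nosuchuser", 401) for i in range(25)]
    lines += [rec(55, "198.51.100.4", "carol", 401), rec(58, "198.51.100.4", "carol", 200)]
    return lines


def find_enumeration(lines, threshold=THRESHOLD):
    """Return {source: {"probed": [...], "leaked": [...]}} for sources that sent
    at least `threshold` failed logins for a single username."""
    failures = defaultdict(list)  # (source, user) -> failure statuses in log order
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["status"] in ("400", "401"):
            failures[(m["src"], m["user"])].append(int(m["status"]))
    report = {}
    for (src, user), statuses in failures.items():
        if len(statuses) < threshold:
            continue
        entry = report.setdefault(src, {"probed": [], "leaked": []})
        entry["probed"].append(user)
        # A 401 followed later by a 400 is the response change that reveals
        # the username as valid to whoever sent the requests.
        if 401 in statuses and 400 in statuses[statuses.index(401):]:
            entry["leaked"].append(user)
    return report


if __name__ == "__main__":
    for src, entry in find_enumeration(build_sample()).items():
        print(src, entry)
```

Usernames reported under `leaked` are the ones whose validity the responses disclosed to that source; a single mistyped password, as in the second source's records, stays below the threshold and is not reported.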
Affected products (2)
- Pritunl/Pritunl (description)
References (3)
- github.com/lukaszstu/pritunl/blob/master/CVE-2020-25200 (nvd: Exploit, Third Party Advisory)
- pritunl.com (nvd: Vendor Advisory)
- pritunl.com/security (nvd: Vendor Advisory)