VYPR

Pritunl

by Pritunl

CVEs (2)

  • CVE-2020-25200MedOct 1, 2020
    risk 0.35cvss 5.3epss 0.07

    Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400.…

  • CVE-2020-27519HigApr 30, 2021
    risk 0.00cvss 7.8epss 0.00

    Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged…