Inferring and hijacking VPN-tunneled TCP connections

We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android which allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and...

OpenVPN Memory Corruption Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. freeBSD is a Unix-like operating system from the Google Foundation and the Open Handheld Alliance OHA. pts is a pseudo-terminal driver used in it. OpenBSD is a cross-platform, BSD-based, UNIX-lik...

CVE-2020-5180

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. When a VPN connection is initiated using a TLS/SSL client...

CVE-2020-5180

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. When a VPN connection is initiated using a TLS/SSL client...

Design/Logic Flaw

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. When a VPN connection is initiated using a TLS/SSL client...

CVE-2020-5180

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. When a VPN connection is initiated using a TLS/SSL client...

CVE-2020-5180

CVE-2020-5180 affects Viscosity 1.8.2 on Windows and macOS. An unprivileged user can set a subset of OpenVPN parameters, enabling loading of a malicious library into the memory of the OpenVPN process and causing limited local privilege escalation. When a VPN connection starts with a TLS/SSL clien...

Nord Security: Race condition (TOCTOU) in NordVPN can result in local privilege escalation

Summary: A vulnerability exists in the NordVPN service, which is installed as part of the NordVPN Windows app. By exploiting a race condition in the NordVPN service it is possible to launch OpenVPN with a user-supplied configuration file. By setting an OpenSSL engine name within this configuratio...

Nord Security: Potential leak of server side software at repogohi.nordvpn.com

Summary: I found a public Git Repository at https://repogohi.nordvpn.com/. It looks like the software components in this repository are part of the VPN Servers. So I'm afraid there's a certain risk. The following packages are among others publicly available: openvpn-xor2.4.5-stretch1nordamd64.deb...

CVE-2019-14899

A flaw was found in openvpn. A malicous access point or adjacent user can determine if a connected user is using a VPN by making positive inferences about the websites they are visiting, and determining the correct sequence and acknowledgement numbers in use, which allows the attacker to inject...

Linux Bug Opens Most VPNs to Hijacking

A vulnerability in most Linux distros has been uncovered that allows a network-adjacent attacker to hijack VPN connections and inject rogue data into the secure tunnels that victims are using to communicate with remote servers. According to researchers at University of New Mexico and Breakpointin...

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...

This Week in Security News: Skimming and Phishing Scams Ahead of Black Friday and Polish Hacking Team Wins Capture the Flag Competition

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about recent skimming and phishing scams as we head into the holidays and how you can protect yourself and your organization. Also, re...

TrickBot Evolves to Go After SSH Keys

The TrickBot info-stealing malware has updated its password grabber to target data from OpenSSH and OpenVPN applications. OpenSSH is a connectivity tool for remote login with the SSH protocol; it encrypts all traffic to eliminate eavesdropping. OpenVPN meanwhile is used for secure private...

OpenVPN Connect 3.0.0.272 - agent_ovpnconnect Unquoted Service Path

OpenVPN Connect 3.0.0.272 - agentovpnconnect Unquoted Service Path Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-03 Vendor Homepage: https://openvpn.net Software Link :...

OpenVPN Connect 3.0.0.272 Unquoted Service Path

Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-03 Vendor Homepage: https://openvpn.net Software Link : https://openvpn.net/downloads/openvpn-connect-v3-windows.msi Tested Version: 3.0.0.272 Vulnerability Type:...

OpenVPN Connect 3.0.0.272 - (agent_ovpnconnect) Unquoted Service Path Vulnerability

Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://openvpn.net Software Link : https://openvpn.net/downloads/openvpn-connect-v3-windows.msi Tested Version: 3.0.0.272 Vulnerability Type: Unquoted Service Path Tested on...

OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path

Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-03 Vendor Homepage: https://openvpn.net Software Link : https://openvpn.net/downloads/openvpn-connect-v3-windows.msi Tested Version: 3.0.0.272 Vulnerability Type:...

OpenVPN Private Tunnel 2.8.4 Unquoted Service Path

Title: OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-31 Vendor Homepage: https://openvpn.net/ Software Link: https://swupdate.openvpn.org/privatetunnel/client/privatetunnel-win-2.8.exe Version : PrivateTunnel v2.8.4 Tested on: Windows 10...

OpenVPN Private Tunnel 2.8.4 - ovpnagent Unquoted Service Path

OpenVPN Private Tunnel 2.8.4 - ovpnagent Unquoted Service Path Title: OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-31 Vendor Homepage: https://openvpn.net/ Software Link:...