4 matches found
CVE-2024-25728
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...
CVE-2024-25728
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...
CVE-2024-25728
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers, which may allow remote attackers to obtain sensitive information about...
CVE-2024-25728
ExpressVPN has a DNS leakage issue on Windows for versions prior to 12.73.0 when split tunneling is enabled. The VPN forwards DNS requests according to Windows’ configuration (e.g., to ISP DNS servers) rather than to ExpressVPN’s DNS servers, which may allow remote attackers to infer websites vis...