14 matches found

OSSF Malicious Packages
added 2025/01/26 4:47 p.m., 3 views

Malicious code in nord-security-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42ffe2bd7d3ef7fd741f0a023ccfc4b06f7d44240710724da3048ed61dc1e7e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1
Hacker One
added 2023/01/19 11:35 p.m., 23 views

Nord Security: Stored XSS at nordvpn.com

Vulnerability description not provided...

CVSS: 5.4, AI score: 5.3, EPSS: 0.13575
Exploits: 2
Hacker One
added 2020/05/04 3:44 p.m., 170 views

Nord Security: Incorrect control of the trial period

The report by @corryl identified an issue with service expire time validation. A user was able to bypass the subscription period validation checks which in turn allowed a user to use our service for free for a certain time...

AI score: 6.9
Exploits: 0
Hacker One
added 2020/03/12 12:38 a.m., 72 views

Nord Security: The Linux binaries (nordvpn and nordvpnd) don't use PIE/ASLR

Summary: The Linux binaries nordvpn and nordvpnd don't have PIE/ASLR enabled. Such a feature is used to harden programs against the exploitation of memory corruption bugs and should be enabled. The use of ASLR has long been debated among the Golang community. However, it seems that it's becoming...

AI score: 7.2
Exploits: 0
Hacker One
added 2020/03/09 5:14 a.m., 150 views

Nord Security: Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.

Summary: Requesting account deletion from NordVPN customer support that is supposed to have "removed your account from our database." does not truly remove account from database. Even after asking if critical information such as billing information is removed, which customer support confirms...

AI score: 6.4
Exploits: 0
Hacker One
added 2020/02/24 9:14 p.m., 18 views

Nord Security: NordVPN Android Application privacy violation due to Google Advertising Identifier misuse

The researcher reported an issue regarding somewhat incorrect GAID usage integration in our application. The concerns were valid and properly addressed by our team...

AI score: 6.9
Exploits: 0
Hacker One
added 2020/02/10 3:55 a.m., 26 views

Nord Security: Misconfigured web directory allows to retrieve public proxy list

The reporter has identified a misconfigured web directory that displays NordVPN public proxy list and corresponding port numbers, which is not a vulnerability rather a piece of outdated information that was left unattended...

AI score: 6.7
Exploits: 0
Hacker One
added 2020/02/05 11:30 a.m., 39 views

Nord Security: Past payments using the Direct Debit method keep subscriptions active even if payments fail

I think this is a vulnerability that has no impact but it violates I found many accounts that are actively subscribed even though the payment failed, this is because the payment uses the Direct Debit method, and you have deleted it. Because Direct Debit payments have been deleted and no longer wo...

AI score: 6.9
Exploits: 0
Hacker One
added 2020/01/10 11:31 p.m., 36 views

Nord Security: nordvpn Linux Desktop executable application does not use pie / no ASLR

Summary: The nordvpn Linux binary application is not compiled as position independent code or position independent Executable. Steps To Reproduce: POC: $file /usr/bin/nordvpn /usr/bin/nordvpn: ELF 64-bit LSB executable, x86-64, version 1 SYSV, dynamically linked, interpreter...

AI score: 8.4
Exploits: 0
Hacker One
added 2019/12/30 6:40 a.m., 24 views

Nord Security: Clickjacking at join.nordvpn.com

PoC at attach Create a new HTML file Put Save the file Open document in browser Impact https://www.owasp.org/index.php/Clickjacking...

AI score: 6.7
Exploits: 0
Hacker One
added 2019/12/19 8:14 a.m., 31 views

Nord Security: User password left in memory in plain text after GUI launch

Summary When NordVPN GUI has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the NordVPN process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is the user...

AI score: 7
Exploits: 0
Hacker One
added 2019/12/14 6:19 a.m., 60 views

Nord Security: Host header injection/redirection | signup and login page

Hey Team. There's a host header injection vulnerability in signup and login page. If possible, the application should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways: Remove the redirection function from the application,...

AI score: 7.2
Exploits: 0
Hacker One
added 2019/12/04 7:49 p.m., 31 views

Nord Security: IDOR allow access to payments data of any user

Simply send this POST request, no need for any auth: POST /api/v1/orders HTTP/1.1 Host: join.nordvpn.com Accept: application/json Accept-Language: en-US,en;q=0.5 Content-Type: application/json Content-Length: 179 DNT: 1 Connection: close...

AI score: 6.8
Exploits: 0
Hacker One
added 2017/02/08 6:10 p.m., 21 views

Nord Security: CSRF to change password

Description Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. I have found CSRF to change...

AI score: 7.1
Exploits: 0