Nord Security: Denial of Service with Cookie Bomb

Summary: This is Denial of Service attack by using which an attacker can make an user unable to access nordvpn.com website. For more information you can read this article. https://blog.innerht.ml/tag/cookie-bomb/ Steps To Reproduce: This will usually work on user's fresh session for which we can...

Nord Security: CORS Misconfiguration on nordvpn.com leading to Private Information Disclosure,Account takeover

Summary: An cross-origin resource sharing CORS policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of th...

Nord Security: DoS of https://nordvpn.com/ via CVE-2018-6389 exploitation

There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...