No Comments

OpenVPN, WireGuard and OpenConnect flaw

 

VPN users worldwide face a new threat known as port shadowing, which enables attackers to intercept and manipulate connections. They potentially directing users to malicious sites. Researchers from multiple universities presented this finding at the Privacy Enhancing Technologies Symposium 2024 in England, ongoing until the 2024/07/20.

The vulnerability affects OpenVPN, WireGuard, and OpenConnect software running on Linux and FreeBSD.

In port shadowing attacks, attackers can send specially crafted packets to the VPN server from their own connection or a remote location on the Internet, potentially impacting other users on the same server. The researchers coined the term “port shadowing”to describe how attackers conceal their information within a victim’s port. It facilitates activities like eavesdropping, port scanning, or connection hijacking, as outlined in their 18-page paper.

VPN servers utilize a connection tracking framework to manage traffic between connected users, offering significant control over packet handling. The researchers, however, highlighted this framework’s shared nature among all connected users can be exploited by malicious actors to redirect packets in unauthorized ways.

“While VPNs generally enhance security, certain vulnerabilities like port shadowing can expose users to risks such as eavesdropping or connection hijacking,” the researchers warned. Currently, no security update is available for this issue, but VPN providers can mitigate risks by implementing firewall rules. Alternatively, users can adopt protocols like ShadowSocks or Tor as temporary solutions.

The issue was already known within OpenVPN, and it was identified with the CVE-2021-3773 bug number when it was discovered. Which has a severity rating of 9.8 out of 10. Notably, VPN providers such as NordVPN, ExpressVPN, and Surfshark, which utilize OpenVPN or WireGuard, are not vulnerable to CVE-2021-3773.


Source: Ciso Advisor

Read other news at our blog

You might also like
News, Security
News, Security

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.