Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VPN users be aware , Port Fail flaw can reveal your identity

Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail that could be exploited to de-anonymize VPN users. Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail which affect all VPN (Virtual Private Network) protocols and operating systems. An attacker can exploit the Port Fail flaw […]

Russia VPN services

Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail that could be exploited to de-anonymize VPN users.

Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail which affect all VPN (Virtual Private Network) protocols and operating systems. An attacker can exploit the Port Fail flaw to reveal the real IP-addresses of VPN users,  including BitTorrent users.

Experts at Perfect Privacy tested nine VPN providers out of which five were found to be vulnerable to the Port fail flaw, the providers Private Internet Access (PIA), Ovpn.to and nVPN have fixed the issue before publication.

The experts at Perfect Privacy explained that the vulnerability is a simple port forwarding issue that affects all the services that implement the “port forwarding” feature and that doesn’t implement any defensive mechanism. The Port Fail affects all VPN protocols including the IPSec, OpenVPN, PPTP.

“We have discovered a vulnerability in a number of providers that allows an attacker to expose the real IP address of a victim. Port Fail affects VPN providers that offer port forwarding and have no protection against this specific attack.” Perfect Privacy wrote in a blog post on Thursday.

Basically, if the attacker uses the same VPN as the victim, then the real IP-address of the targeted user can be exposed by forwarding Internet traffic to a specific port. A successful Port Fail attack also required to know the victim’s VPN exit IP address, an information that is quite easy to discover by tricking a victim into visiting a website control controlled by the attacker.

VPN port fail 2

“The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work,” continues the post.

The attack works also against BitTorrent users and in this attack scenario there is no need for the attacker to redirect the victim to their page, the attacker only with the activated port forwarding for the default BitTorrent port can discover the real IP-address of a VPN user that share the same network.

The VPN affected by the vulnerability were already alerted by the company, but there is the risk that many other providers suffer the issue.

“other VPN providers may be vulnerable to this attack as we could not possibly test all.” states Perfect Privacy.

I suggest you giving a look to a blog post published by the penetration tester Darren Martyn describing the Port Fail attack scenario against Torrent users.

“I believe this kind of attack is probably going to be used heavily by copyright-litigation firms trying to prosecute Torrent users in the future, so it is probably best to double check that the VPN provider you are using does not suffer this vulnerability,” explained Martyn said.

Pierluigi Paganini

(Security Affairs – VPN, Port Fail)