NordVPN and ProtonVPN: Watch 0Day

Security researchers have discovered vulnerabilities in popular private networks (VPN), VPN (ProtonVPN and NordVPN), which allows potential intruders to run malicious code.

Last week, Cisco Talos researchers announced security flaws, CVE-2018-3952 and CVE-2018-4010, which allow code to be executed by attackers on machines running Windows.NordVPN

The points are similar to the Windows privilege escalation security flaw disclosed by VerSprite, and has been documented as CVE-2018-10169.

The vulnerabilities are supposed to have been fixed in April, but according to Talos, "despite the fix, it is still possible to run code as an administrator on the system."

The initial vulnerability was caused by design issues on both VPN clients. The UI of the NordVPN and ProtonVPN programs runs binaries with the permission of the logged in user. This user has the option to configure the VPN.

This information is sent to the service when it is done to “connect” via an OpenVPN configuration file. However, VerSprite was able to create a fake OpenVPN file that could be uploaded to the service, and run.

"The 'Connect' method accesses an instance that gives the attacker access to the OpenVPN command line," the vulnerability description reads. “The attacker can specify a dynamic plugin to run for each new VPN connection. This plugin will be able to run code as a SYSTEM user. ”

Malicious content in the OpenVPN file could lead to VPN breach, information leakage, and hijacking with the appropriate commands.
Both VPN services updated their code by adding a control mechanism for the contents of the OpenVPN configuration file.

However, Cisco Talos reports that the code that was implemented had a small flaw that allows attackers to bypass the repair.

The first bug, CVE-2018-3952, affects NordVPN, a company that serves over a million users worldwide. The second bug, CVE-2018-4010, concerns the ProtonVPN service, a relatively new VPN that started as .
_______________________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

adwarethrough crowdfundingdynamicI'm surelibrary

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).