AtlasVPN Zero-day Vulnerability Leaks the User's IP Address
A severe zero-day vulnerability was discovered in AtlasVPN for Linux that can disconnect the VPN and leak the user's IP address.
AtlasVPN runs a daemon on Linux, which also runs an HTTP server that accepts CLI (Command Line Interface) commands. This server is bound to 127.0.0.1:8076 by default.
It was discovered that this HTTP server does not perform any authentication when running commands. The HTTP server exposes the 127.0.0.1:8076/connection/pause endpoint, which accepts a POST request. This can be used to disconnect AtlasVPN.
AtlasVPN Zero-day vulnerability
AtlasVPN runs a daemon that manages the connection and a client that the user uses for connecting, disconnecting, and listing the services. Instead of connecting over a local socket, the client opens an API on localhost on port 8079, which lacks authentication.
As a result, this port can be accessed by any program running on the Linux machine. It is also possible for threat actors to run a malicious website containing a script that disconnects AtlasVPN, as there is no authentication for accessing the endpoint.
In addition, another malicious script can be included that also leaks the AtlasVPN user's IP address.
CORS bypass
Although the endpoint lacks authentication, CORS (Cross-Origin Resource Sharing) is one of the security mechanisms that protects against leaking data to external sources. However, CORS is bypassed because the request meets the definition of a simple request given by Mozilla.
"Some requests don't trigger a CORS preflight. These are called simple requests from the obsolete CORS spec, though the Fetch spec (which now defines CORS) doesn't use that term." reads the documentation by Mozilla.
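The following added example (not from the original article and not AtlasVPN's code) shows why a bare POST reaches a localhost endpoint without a preflight, and how a local control API can refuse it. The `X-Local-Token` header name and the token value are hypothetical, and the preflight check is a simplification of the Fetch rules.

```python
import hmac

# CORS-safelisted methods and author-settable headers (simplified from the
# Fetch spec: header length limits and the Range header are not modelled).
SAFE_METHODS = {"GET", "HEAD", "POST"}
SAFE_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SAFE_CONTENT_TYPES = {
    "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
}

DEMO_TOKEN = "constructed-demo-token"  # constructed sample value


def needs_preflight(method, author_headers):
    """True if a browser would send an OPTIONS preflight before this
    cross-origin request; False means it is a 'simple request'."""
    if method.upper() not in SAFE_METHODS:
        return True
    for name, value in author_headers.items():
        name = name.lower()
        if name not in SAFE_HEADERS:
            return True
        if name == "content-type":
            mime = value.split(";", 1)[0].strip().lower()
            if mime not in SAFE_CONTENT_TYPES:
                return True
    return False


def guard(headers, expected_token):
    """Status code a state-changing local endpoint should return.

    Assumption: the legitimate caller is a local CLI that reads a per-user
    secret and sends it in the hypothetical X-Local-Token header.
    """
    h = {k.lower(): v for k, v in headers.items()}
    # Browsers attach Origin to cross-origin POSTs; a local CLI does not.
    if "origin" in h:
        return 403
    supplied = h.get("x-local-token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return 401
    return 200
```

Because the custom header is not CORS-safelisted, a web page that tries to send it triggers a preflight, which the local server never approves.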
A user named Tutorial-design-8145 on Reddit publicly released an exploit, and another user provided a proof-of-concept.
Users of this product are advised to upgrade to the latest version, 1.0.3, to fix this vulnerability.
Source credit : cybersecuritynews.com