• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 15th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Surveillance » Privacy » Critical Vulnerability in VPN Exposes User’s Real IP Address to Attacker

Critical Vulnerability in VPN Exposes User’s Real IP Address to Attacker

November 28th, 2015 Agan Uzunovic Privacy, Security 0 comments
Critical Vulnerability in VPN Exposes User’s Real IP Address to Attacker
Share on FacebookShare on Twitter

Researchers have found a vulnerability in VPN networks that could allow hackers or scammers to access real IPs of the users.

Though, for the vulnerability to actually work there are some special conditions that are needed to be fulfilled but for hackers that are not something difficult.

What researchers found was if a VPN provider allows port forwarding (which is mostly allowed by VPN providers) on the user’s account and attackers know the exit IP of the user he can easily reveal user’s original IP.

Exit IP is very easy to find for the hackers as they can be acquired via public IRCs, torrent connection or even sites hijacked by the hackers (by making the user visiting one of the hijacked websites, hackers can get hold of his exit IP).

Once the hackers have the exit IP they just need to have an account on the same VPN service as the user and they are done with setting up the attack.

Now if the hackers can make the user access a resource hosted on the same VPN server, he can reveal user’s address with the help of internal routing table and port forwarding setting.

[fullsquaread][/fullsquaread]

Researchers at Perfect Privacy tested this scenario on nine of the most popular VPN providers, five of them obliged to the scenario created and revealed user’s IP. VPN providers are notified of this vulnerability and have started working on fixing it.

Providers like OpenVPN, PPTP, or IPSec are by default affected because they are structured on OSI model and vulnerability works on the lower network of this model.

Researchers have recommended providers to:

* Use multiple IP addresses

* Allow incoming connection at IP1 and exit at IP2-IPx

* Allow port forward at IP2-IPx and not at IP1

* Don’t use Man-in-the-Middle IP for port forwarding operations

Also, they have asked VPN providers to install a server-side firewall to block real IP address to any port-forwarded connection that is other than user’s own.

But, with the market of VPN providers expanding each day many users might affect by this vulnerability.

[src src=”Source” url=”https://www.perfect-privacy.com/blog/2015/11/26/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding/”]Perfect Privacy[/src] 

  • Tags
  • Anonymity
  • Flaw
  • Hacks
  • internet
  • IP
  • Privacy
  • security
  • Tech
  • VPN
  • Vulnerability
Facebook Twitter Google+ LinkedIn Pinterest
Previous article Pro-ISIS Group Hacks Richland County Veterans Services Website
Next article Couple Arrested For Providing Malware Encryption Service To Cyber Criminals
Agan Uzunovic

Agan Uzunovic

Agan Uzunovic is a Bosnian journalist who is working for the country's largest newspaper. He has a keen interest in reporting on activism and hacktivism. He is also a contributor at U.S based Revolution News media. Agan reports and writes for HackRead on IT security related topics.

Related Posts
"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

Plundervolt: A new attack on Intel processors threatening SGX data

Plundervolt: A new attack on Intel processors threatening SGX data

2.7 billion email addresses & plain-text passwords exposed online

2.7 billion email addresses & plain-text passwords exposed online

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Popular forms of cybercrime you should be aware of
Cyber Crime

Popular forms of cybercrime you should be aware of

430
70% of the entire US population is now on Facebook
Technology News

70% of the entire US population is now on Facebook

325
Hundreds of counterfeit branded shoe stores hacked with web skimmer
Cyber Crime

Hundreds of counterfeit branded shoe stores hacked with web skimmer

307
NGINX office in Moscow raided by police
Cyber Events

NGINX office in Moscow raided by police

1372

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us