
The flaw allows disclosing the IP addresses of VPN providers' clients


On November 26, VPN security provider Perfect Privacy discovered a VPN vulnerability that can reveal users' real IP addresses. The attack works through port forwarding. According to the specialists, all VPN implementations are vulnerable (IPSec, OpenVPN, PPTP, and others), and the flaw does not depend on the operating system.

To carry out the attack, an attacker must create an account with the same VPN provider as the victim. He then needs to know the victim's exit IP address. VPN providers often use a small pool of exit addresses, so the attacker can enumerate them, lure the victim to a specially created website that reveals the exit IP address, or take the addresses from a torrent tracker.
The attacker then enables port forwarding on his own account. No action is required from the victim, and it does not matter whether port forwarding is enabled for her or not. Finally, the victim must be made to request any resource whose URL specifies the port to which the forwarding points.

The technical details given by the experts are as follows:

  1. The victim is connected to the VPN server 1.2.3.4
  2. Her routing table looks something like this: 0.0.0.0/0 -> 10.0.0.1 (the address of the internal VPN gateway), 1.2.3.4/32 -> 192.168.0.1 (the old default gateway)
  3. The attacker connects to the same server 1.2.3.4, already knowing the victim's exit IP address
  4. The attacker activates port forwarding on server 1.2.3.4, for example, on port 12345
  5. He lures the victim into making a request to 1.2.3.4:12345 (for example, by including the code <img src="http://1.2.3.4:12345/x.jpg"> in a page)
  6. The established connection reveals the victim's real IP address, because of the route “1.2.3.4/32 -> 192.168.0.1”


The essence of the problem is that for the VPN to work properly, the victim has to use her real IP address at some point. Perfect Privacy has already proposed its own solution to the problem, which providers must implement both on the server side and in the client settings.
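The routing decision from steps 2 and 6, as an added example (not code from the original article or from Perfect Privacy): a longest-prefix-match lookup over the victim's routing table that checks which addresses would be reached outside the tunnel. The function names and the second address 1.2.3.5 are assumptions; 1.2.3.5 stands for a hypothetical provider layout that serves forwarded ports from an address other than the VPN entry address.

```python
import ipaddress

# Routing table from step 2 of the article: (destination prefix, next hop).
VICTIM_ROUTES = [
    ("0.0.0.0/0", "10.0.0.1"),      # default route into the VPN tunnel
    ("1.2.3.4/32", "192.168.0.1"),  # host route to the VPN server via the old gateway
]
TUNNEL_GATEWAY = "10.0.0.1"


def next_hop(routes, destination):
    """Return the next hop chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def bypasses_tunnel(routes, destination, tunnel_gateway=TUNNEL_GATEWAY):
    """True when traffic to `destination` is routed, but not through the tunnel."""
    hop = next_hop(routes, destination)
    return hop is not None and hop != tunnel_gateway


def audit(routes, forward_addresses):
    """Map each address serving forwarded ports to whether a request to it
    would leave with the client's real source address."""
    return {ip: bypasses_tunnel(routes, ip) for ip in forward_addresses}


if __name__ == "__main__":
    # 1.2.3.4 is the entry address from the article; 1.2.3.5 is a constructed
    # address for a provider that separates entry and port-forward addresses.
    for ip, leaks in audit(VICTIM_ROUTES, ["1.2.3.4", "1.2.3.5"]).items():
        state = "outside tunnel (real IP exposed)" if leaks else "inside tunnel"
        print(f"{ip}: {state}")
```

The /32 host route wins over the default route for 1.2.3.4, so only forwarded ports served from the entry address are reached with the real source address.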

According to the experts, of the nine popular VPN providers they tested, five had this vulnerability. Among them were Private Internet Access (PIA), Ovpn.to and nVPN. PIA has already promptly fixed the problem and even awarded its competitor a cash prize of $5000 under the Whitehat Alert Security Program.

A VPN (Virtual Private Network) is a set of technologies that provide one or more network connections on top of another network. Because encryption is used, the level of trust in the resulting logical network does not depend on the level of trust in the underlying networks. Most often, VPNs are used to give remote employees access to the corporate network.

VPNs are also very popular among those who like to download movies, music and other non-legal content from the Internet, because a VPN helps hide the user's real IP address and encrypts traffic, which makes it difficult to eavesdrop on the channel. VPN providers often have several servers in different countries, which lets a VPN bypass the blocking of resources that ISPs impose at the request of the authorities.

Source: https://habr.com/ru/post/356930/

