A zero-day vulnerability in Atlas VPN could allow malicious actors to access users' IP addresses and disconnect VPN connections.
A zero-day vulnerability in Atlas VPN could allow malicious actors to access users' IP addresses and disconnect VPN connections.
The Atlas VPN is a VPN product based on WireGuard that supports all major operating systems and offers a cost-effective VPN solution.
On Reddit, a researcher describes how Atlas VPN's Linux client, specifically version 1.0.3, has an API endpoint that listens on localhost (127.0.0.1) over port 8076.
API provides a command-line interface (CLI) for performing various actions, such as disconnecting a VPN session using http://127.0.0.1:8076/connection/stop.
Despite this, the API does not perform any authentication, meaning anyone can issue commands to the CLI, including websites you visit.
A security researcher reported an Atlas VPN Linux client vulnerability on Reddit.
The Reddit user 'Educational-Map-8145' has published a proof-of-concept exploit that abuses the Atlas VPN Linux API to reveal the actual IP addresses of users.
This PoC aims to create a hidden form that JavaScript automatically submits to connect to the http://127.0.0.1:8076/connection/stop API endpoint URL.
If this API endpoint is accessed, it terminates any active Atlas VPN sessions that hide the IP address of a user.
The PoC will connect to the api.ipify.org URL once the VPN connection has been disconnected to record the visitor's actual IP address.
Despite contacting Atlas VPN about the issue, the Reddit user claims they were ignored. Since Atlas VPN does not have a bug bounty program, public disclosure was the only alternative.
In response to the disclosure, Atlas VPN apologized to the reporter and promised to immediately release a fix for its Linux client. Linux users will be notified when the update is available.
RestorePrivacy has contacted Atlas VPN to inquire about the disclosed exploit code and whether it plans to release a fix for its Linux clients soon.
"We will implement more security checks in the development process to avoid such vulnerabilities in the future. Should anyone come across any other potential threats related to our service, please contact us via security@Atlas VPN.com," reported a representative.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?