team of researchers warns that VPNs are affected by a vulnerability that can be exploited to launch man-in-the-middle (MitM) attacks, enabling threat actors to intercept and redirect traffic
attack technique, named Port Shadow and tracked as CVE-2021-3773, builds on research first presented by Benjamin Mixon-Baca and Jedidiah R. Crandall back in 2021
https://www.breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
paper detailing the research was published this week
(PDF URL)
@corlin yup
vulnerability affects OpenVPN, WireGuard, and OpenConnect running on Linux or FreeBSD. FreeBSD is less vulnerable
"We found that Linux/Netfilter + (OpenVPN and WireGuard), which a large fraction of VPN services use, has the highest susceptibility to these attacks regardless of client platform (PC, Android, and iOS)"
@ecksmc
I have a ticket into Proton VPN.
I will let you know when they reply. Nothing yet on their blog, or notes.
They exclusively use wireguard.
@corlin yeah most VPN providers do prefer wireguard these days
easiest option for users is to use a protocol such as ShadowSocks or Tor....that's the recommended advice
Port scanning can be partially mitigated on Linux desktops using network namespaces
https://github.com/slingamn/namespaced-openvpn
I'm using Mulvard VPN wireguard also
@corlin ironically mulvard's last blog post is
Fourth Infrastructure audit completed by Cure53
We asked Cure53 to focus solely on one OpenVPN and one WireGuard server.
https://mullvad.net/en/blog/fourth-infrastructure-audit-completed-by-cure53
😆😂😂
and Citizen Lab, which often conducts research focusing on online privacy and security, has published a summary
https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/