Tuesday, February 27, 2024

ExpressVPN Flaw Exposes Some the DNS Requests to Third-Party Server

Customers of ExpressVPN have been notified of a vulnerability in the most recent version of the Windows app that permitted some DNS requests to be routed to a third-party server, usually the user’s internet service provider (ISP).

After a reviewer pointed out that there might be a problem with the way the app handles DNS requests for users who have “split tunneling enabled,” ExpressVPN’s engineers swiftly released a fix for the Version 12 app for Windows.

Engineers have temporarily removed a feature from its Windows app to reduce the possibility of mishandling DNS requests.

Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

Overview of the ExpressVPN Flaw

A user’s DNS requests should be routed to an ExpressVPN server when they are connected to the service. However, the flaw made it possible for some of those requests to be routed to a different server—typically, the user’s ISP—instead of the original server.

“This lets the ISP see what domains are being visited by that user, such as google.com, although the ISP still can’t see any individual webpages, searches, or other online behavior,” the VPN provider reports.

“All contents of the user’s online traffic remain encrypted and unviewable by the ISP or any other third party.”

VPN expert and staff writer at CNET, Attila Tomaschek, contacted ExpressVPN to report that he was observing DNS requests on his Windows computer that weren’t going to ExpressVPN’s dedicated servers as expected.

Particularly, this happened when he enabled split tunneling, which limits which apps may send traffic across the VPN.

To reduce the possible continued risk to consumers, ExpressVPN released an update that completely disabled split tunneling on one app platform, Version 12, for Windows, even though the vulnerability is thought to affect less than 1% of users.

“The feature will remain deactivated while engineers investigate and fix the problem”, the report said.

Affected Versions

All versions released between 12.23.1 and 12.72.0 are affected by this issue on Windows.

Fix Available

On Windows, users of ExpressVPN versions 12.23.1 to 12.72.0 should update to the most recent version, 12.73.0.

If you use the Windows Version 12 app, you need to update to the most recent version if it hasn’t updated itself previously. Users do not need to take any action if they are using the Windows Version 10 app or any of the apps for other platforms and devices.

As soon as engineers are certain that the DNS issue has been fixed, split tunneling will resume on Version 12. It’s still accessible in the Windows app version 10 and is operating as it should.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Abyss Locker Ransomware Attacks Microsoft Windows and Linux Users

FortiGuard Labs has released a report detailing the emergence and impact of the Abyss...

14-Year-Old CMS Editor Flaw Exploited to Hack Govt & Edu Sites

Hackers have exploited a vulnerability in a 14-year-old Content Management System (CMS) editor, FCKeditor,...

Zyxel Firewall Flaw Let Attackers Execute Remote Code

Four new vulnerabilities have been discovered in some of the Zyxel Firewall and access...

Hackers Abuse Telegram API To Exfiltrate User Information

Attackers have been using keywords like "remittance" and "receipts" to spread phishing scripts using...

ThreatHunter.ai Stops Hundreds of Attacks in 48 Hours: Fighting Ransomware and Nation-State Cyber Threats

The current large surge in cyber threats has left many organizations grappling for security...

WordPress Plugin Flaw Exposes 200,000+ Websites for Hacking

A critical security flaw has been identified in the Ultimate Member plugin for WordPress,...

Hackers Actively Hijacking ConnectWise ScreenConnect server

ConnectWise, a prominent software company, issued an urgent security bulletin on February 19, 2024,...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles