Monday, October 7, 2024
HomeCyber Security NewsExpressVPN Flaw Exposes Some the DNS Requests to Third-Party Server

ExpressVPN Flaw Exposes Some the DNS Requests to Third-Party Server

Published on

Customers of ExpressVPN have been notified of a vulnerability in the most recent version of the Windows app that permitted some DNS requests to be routed to a third-party server, usually the user’s internet service provider (ISP).

After a reviewer pointed out that there might be a problem with the way the app handles DNS requests for users who have “split tunneling enabled,” ExpressVPN’s engineers swiftly released a fix for the Version 12 app for Windows.

Engineers have temporarily removed a feature from its Windows app to reduce the possibility of mishandling DNS requests.

- Advertisement - EHA
Document
Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

Overview of the ExpressVPN Flaw

A user’s DNS requests should be routed to an ExpressVPN server when they are connected to the service. However, the flaw made it possible for some of those requests to be routed to a different server—typically, the user’s ISP—instead of the original server.

“This lets the ISP see what domains are being visited by that user, such as google.com, although the ISP still can’t see any individual webpages, searches, or other online behavior,” the VPN provider reports.

“All contents of the user’s online traffic remain encrypted and unviewable by the ISP or any other third party.”

VPN expert and staff writer at CNET, Attila Tomaschek, contacted ExpressVPN to report that he was observing DNS requests on his Windows computer that weren’t going to ExpressVPN’s dedicated servers as expected.

Particularly, this happened when he enabled split tunneling, which limits which apps may send traffic across the VPN.

To reduce the possible continued risk to consumers, ExpressVPN released an update that completely disabled split tunneling on one app platform, Version 12, for Windows, even though the vulnerability is thought to affect less than 1% of users.

“The feature will remain deactivated while engineers investigate and fix the problem”, the report said.

Affected Versions

All versions released between 12.23.1 and 12.72.0 are affected by this issue on Windows.

Fix Available

On Windows, users of ExpressVPN versions 12.23.1 to 12.72.0 should update to the most recent version, 12.73.0.

If you use the Windows Version 12 app, you need to update to the most recent version if it hasn’t updated itself previously. Users do not need to take any action if they are using the Windows Version 10 app or any of the apps for other platforms and devices.

As soon as engineers are certain that the DNS issue has been fixed, split tunneling will resume on Version 12. It’s still accessible in the Windows app version 10 and is operating as it should.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...