Saturday, July 13, 2024

ExpressVPN Flaw Exposes Some the DNS Requests to Third-Party Server

Customers of ExpressVPN have been notified of a vulnerability in the most recent version of the Windows app that permitted some DNS requests to be routed to a third-party server, usually the user’s internet service provider (ISP).

After a reviewer pointed out that there might be a problem with the way the app handles DNS requests for users who have “split tunneling enabled,” ExpressVPN’s engineers swiftly released a fix for the Version 12 app for Windows.

Engineers have temporarily removed a feature from its Windows app to reduce the possibility of mishandling DNS requests.

Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

Overview of the ExpressVPN Flaw

A user’s DNS requests should be routed to an ExpressVPN server when they are connected to the service. However, the flaw made it possible for some of those requests to be routed to a different server—typically, the user’s ISP—instead of the original server.

“This lets the ISP see what domains are being visited by that user, such as, although the ISP still can’t see any individual webpages, searches, or other online behavior,” the VPN provider reports.

“All contents of the user’s online traffic remain encrypted and unviewable by the ISP or any other third party.”

VPN expert and staff writer at CNET, Attila Tomaschek, contacted ExpressVPN to report that he was observing DNS requests on his Windows computer that weren’t going to ExpressVPN’s dedicated servers as expected.

Particularly, this happened when he enabled split tunneling, which limits which apps may send traffic across the VPN.

To reduce the possible continued risk to consumers, ExpressVPN released an update that completely disabled split tunneling on one app platform, Version 12, for Windows, even though the vulnerability is thought to affect less than 1% of users.

“The feature will remain deactivated while engineers investigate and fix the problem”, the report said.

Affected Versions

All versions released between 12.23.1 and 12.72.0 are affected by this issue on Windows.

Fix Available

On Windows, users of ExpressVPN versions 12.23.1 to 12.72.0 should update to the most recent version, 12.73.0.

If you use the Windows Version 12 app, you need to update to the most recent version if it hasn’t updated itself previously. Users do not need to take any action if they are using the Windows Version 10 app or any of the apps for other platforms and devices.

As soon as engineers are certain that the DNS issue has been fixed, split tunneling will resume on Version 12. It’s still accessible in the Windows app version 10 and is operating as it should.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles