VPN Articles and News

Port Fail Vulnerability Can Reveal Real IP Addresses Of VPN Users

Sunday, April 17th, 2016

Security experts working at Perfect Privacy have discovered a new kind of security vulnerability that can be used by attackers to expose and collect real IP addresses of VPN users. Dubbed as Port Fail Vulnerability, the flaw affects almost all VPN protocols, including OpenVPN, PPTP and IPSec; and those VPN services which offer port forwarding facility and have no security mechanism in place to protect IP leaks. In this article, we will learn more about Port Fail flaw, how it works and what steps can be taken in order to protect VPN users from this dangerous security vulnerability.

Before we learn more about the vulnerability itself, it is crucial to understand how port forwarding works. In simple words, port forwarding is a feature which allows routing networking connections to devices located behind network firewalls or routers. Port forwarding has many practical applications such as granting FTP access to certain users, allowing gamers to access a private game server as well as allowing users to access a private LAN. A lot of VPN vendors offer port forwarding as an add-on feature thus allowing the extension of security and privacy provided by their services to a lot more systems.

How Port Fail Vulnerability Works?

The Port Fail attack can be initiated by an attacker provided he has an account with the same VPN vendor as the victim (and which offers port forwarding functionality). Once the attacker knows the exit IP address of a VPN server (obtained through IRC, bittorrenting software or by forcing victims to visit a site which is under his control), he just needs to set up port forwarding at his end in order to see the IP addresses of the victims. The scary thing is that the victim doesn’t need to have the port forwarding feature enabled in order to get affected by this vulnerability; his IP address can be exposed just by having port forwarding enabled at the attacker’s end. As you can imagine, the vulnerability is very dangerous since it allows harvesting IP addresses of all the users who are connected to a particular VPN server.

Considering that a lot of people rely on anonymity services to protect their privacy on the internet, the Port Fail vulnerability defeats the very purpose of using VPNs. By exploiting this flaw, security agencies can monitor online activities of VPN users, criminals can harvest personal data of innocent users, advertising companies can track browsing patterns while copyright litigation firms can unmask the real identity of bittorrenting users.

While researching the Port Fail vulnerability, Perfect Privacy evaluated nine prominent service providers and discovered that five of them were affected by the flaw. The service providers were informed of the vulnerability before Perfect Privacy decided to publish its details on the web. VPN service providers can fix this flaw by protecting IP leaks and having a rule at the server level which would prevent clients from accessing IPs to portforwarded addresses which are not their own. While most major VPN service providers have already fixed the flaw, the same cannot be said about small or mid-sized VPN vendors. If you are using a VPN service which offers port forwarding feature, contact your service provider to learn whether the vulnerability has already been fixed.

April 17, 2016

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + 2 =