This popular VPN has been hit by a major security vulnerability

A security researcher has discovered a new vulnerability in the VPN service SaferVPN that could allow for local privilege escalation on W...

A security researcher has discovered a new vulnerability in the VPN service SaferVPN that could allow for local privilege escalation on Windows systems.

The local privilege escalation vulnerability was discovered by a researcher known as nmht3t who previously disclosed the fact that SaferVPN silently fixed a DoS vulnerability in its VPN client last September. In a new blog post on Medium, mmht3t revealed why he chose to publicly disclose his latest discovery, saying:

“SaferVPN does not fix this vulnerability even after a 90-day disclosure deadline. Therefore, there is no patch available at the moment for this product. In order to inform the users of the vulnerability, I decided to publicly disclose the vulnerability.”

Security researchers often give companies a 90-day deadline to fix any vulnerabilities before they disclose them publicly. As SaferVPN failed to patch this latest vulnerability in a timely manner, mmht3t felt it was in the best interest of the company's users to warn them about it.

Local privilege escalation flaw

According to mmht3t's vulnerability summary, when SaferVPN attempts to connect to a VPN server it spawns the OpenVPN executable in the context of NT AUTHORITY\SYSTEM. The service's VPN client then tries to load an openssl.cnf configuration file from a non-existing folder (C:\etc\ssl\openssl.cnf).

However, as a low-privileged users is able to create folders under C:\ on Windows, it's possible for them to create the appropriate path and place a crafted openssl.cnf file in it. Once OpenVPN starts in SaferVPN, this file can load a malicious OpenSSL engine library which results in arbitrary code execution as SYSTEM.

SaferVPN versions 5.0.3.3 to 5.04.15 are vulnerable to this local privilege escalation flaw tracked as CVE-2020–26050.

Mmht3t first discovered this vulnerability earlier this year and they sent the details of the vulnerability to SaferVPN in July. After a follow up with no response from the company and informing them that the 90-day disclosure deadline was approaching, mmht3t decided to make their findings public in January.



from TechRadar - All the latest technology news https://ift.tt/39s7Pbt
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,108,Video,5,XIAOMI,13,YouTube - 9to5Google,107,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: This popular VPN has been hit by a major security vulnerability
This popular VPN has been hit by a major security vulnerability
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/01/this-popular-vpn-has-been-hit-by-major.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/01/this-popular-vpn-has-been-hit-by-major.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy