Atlas VPN zero-day allows sites to discover users’ IP address
Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users' real IP address.
Details about this zero-day vulnerability, as well as exploit code, were publicly released on Reddit several days ago by the person who discovered the flaw and purportedly first tried to privately share the discovery with Atlas VPN.
About the Atlas VPN zero-day vulnerability
Atlas VPN offers a "Freemium" and paid "Premium" VPN solution that changes users' IP address and encrypts the connections they make to websites and online services.
In short, with a malicious script, any website can craft a request to port 8076 to disconnect the VPN, and then run another request that leaks the user's IP address.
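A defensive sketch of the checks a local control endpoint can apply so that a web page's script cannot drive it, as with the port 8076 request described above. This is an added example, not Atlas VPN's code or fix. It assumes the endpoint speaks HTTP on loopback and that the local client shares a per-user token with the daemon (the page states neither); `authorize`, `ALLOWED_HOSTS` and the sample token are hypothetical names.

```python
import hmac

# Hypothetical values for this sketch; the page only names the port number.
CONTROL_PORT = 8076
ALLOWED_HOSTS = {f"127.0.0.1:{CONTROL_PORT}", f"localhost:{CONTROL_PORT}"}


def authorize(headers, expected_token):
    """Return (allowed, reason) for a request to a local control endpoint."""
    h = {k.lower(): v for k, v in headers.items()}

    # 1. The Host header must name the loopback listener. A request that
    #    arrives under any other hostname (for example one an outside party
    #    re-pointed at 127.0.0.1) is refused.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "bad-host"

    # 2. The control channel is for the local client, not for browsers.
    #    Origin and Sec-Fetch-Site are attached by browsers and page scripts
    #    cannot strip them, so their presence marks a browser request.
    if "origin" in h or "sec-fetch-site" in h:
        return False, "browser-request"

    # 3. Header checks alone are not authentication: older browsers omit
    #    them on some requests. Require a secret only the local user's
    #    client can read, compared in constant time.
    supplied = h.get("authorization", "").encode()
    wanted = f"Bearer {expected_token}".encode()
    if not hmac.compare_digest(supplied, wanted):
        return False, "bad-token"

    return True, "ok"


# Constructed sample requests (not captured traffic).
SAMPLE_TOKEN = "constructed-sample-token"
CLI_REQUEST = {"Host": "127.0.0.1:8076",
               "Authorization": f"Bearer {SAMPLE_TOKEN}"}
WEB_REQUEST = {"Host": "127.0.0.1:8076",
               "Origin": "https://site.example",
               "Sec-Fetch-Site": "cross-site"}
FOREIGN_HOST = {"Host": "site.example:8076",
                "Authorization": f"Bearer {SAMPLE_TOKEN}"}
NO_TOKEN = {"Host": "localhost:8076"}

if __name__ == "__main__":
    for name in ("CLI_REQUEST", "WEB_REQUEST", "FOREIGN_HOST", "NO_TOKEN"):
        print(name, authorize(globals()[name], SAMPLE_TOKEN))
```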
"The vulnerability affects Atlas VPN Linux client version 1.0.3. As the researcher stated, due to the vulnerability, the application and encrypted traffic between a user and the VPN gateway can be disconnected by a malicious actor. This could lead to the user's IP address disclosure," she said.
The head of the IT Department at Atlas VPN commented on the Reddit post and apologized for their slow reaction after the researcher contacted Atlas VPN support.
News URL
https://www.helpnetsecurity.com/2023/09/05/atlas-vpn-zero-day-vulnerability/