Security News > 2023 > September > Atlas VPN zero-day vulnerability leaks users' real IP address
An Atlas VPN zero-day vulnerability affecting the Linux client leaks a user's real IP address simply by visiting a website.
Atlas VPN is a VPN product that offers a cost-effective solution based on WireGuard and supports all major operating systems.
A Reddit user named 'Educational-Map-8145' published a PoC exploit on Reddit that abuses the Atlas VPN Linux API to reveal a user's real IP addresses.
0.0.1:8076/connection/stop API endpoint URL. When this API endpoint is accessed, it automatically terminates any active Atlas VPN sessions that hide a user's IP address.
This is a severe privacy breach for any VPN user as it exposes their approximate physical location and actual IP address, allowing them to be tracked and nullifying one of the core reasons for using a VPN provider.
The vulnerability affects Atlas VPN Linux client version 1.0.3.
News URL
Related news
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Amazon confirms employee data exposed in leak linked to MOVEit vulnerability (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)