Update 2023-09-03-Atlas-VPN-0Day.md
ColoursofOSINT committed Sep 3, 2023
1 parent 088e04b commit c7f0389
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions _posts/2023-09-03-Atlas-VPN-0Day.md
Expand Up @@ -15,9 +15,9 @@ It appears their inability to secure their services has occurred again.
# The 0-Day
Two days ago, a throwaway account named ‘Educational-Map-8145’ (I’ll call them ‘EM8’) posted on the Cybersecurity subreddit what the user claimed to be a 0-day javascript code. After execution this code could disconnect the “AtlasVPN linux client and leak the users IP address”. [^footnote5]

According to EM8, the AtlasVPN runs both a client and a daemon, and the client connects via “API on localhost on port 8076”. As any program can access localhost - including websites - the malicious javascript could be run in any website to cause the VPN to disconnect, exposing the real IP of the user. Fortunately, EM8 firmly stated that the code was “not intended for illegal purposes”, so AltasVPN users should be fine.
According to EM8, the AtlasVPN runs both a client and a daemon, and the client connects via “API on localhost on port 8076”. As any program can access localhost - including websites - the malicious javascript could be run in any website to cause the VPN to disconnect, exposing the real IP of the user, which can be collected (included in the PoC script). Fortunately, EM8 firmly stated that the code was “not intended for illegal purposes”, so AltasVPN users should be fine.

# Conformation
# Confirmation
In a post from Chris Partridge on Mastodon, he called the “hilarious[ly]” bad security “utter garbage”.[^footnote7] Also included with the exposé was a video which appears to demonstrate the Proof of Concept for the dropped connection, as well as the explination that since it makes "simple request" this allows it to slip past Cross-Origin Resource Sharing ([CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)).

| Click Below |
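Review bot: The rewritten 0-Day paragraph still misspells the product as "AltasVPN" in its last sentence ("so AltasVPN users should be fine"), and the unchanged line under the corrected "Confirmation" heading still reads "explination" and "since it makes "simple request"". Since this commit is already a typo pass, fix those in the same change. The new clause "which can be collected (included in the PoC script)" leaves it unclear what is included; "which the PoC script also collects" says it directly. Separately, "any program can access localhost - including websites" would be more accurate as "a page loaded in the user's browser can send requests to localhost", which also matches the CORS "simple request" explanation in the next section.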
Expand All @@ -32,6 +32,9 @@ Yikes.

Hopefully Atlas will address the exploit with the same speed as NordVPN. So only 18 months to go.

> I have not verified the PoC myself.
{: .prompt-warning }

[^footnote1]: [https://www.thevpnexperts.com/research/why-vpn-usage-is-on-the-surge/](https://www.thevpnexperts.com/research/why-vpn-usage-is-on-the-surge/)
[^footnote2]: [https://www.comparitech.com/vpn/reviews/atlas-vpn-review/](https://www.comparitech.com/vpn/reviews/atlas-vpn-review/)
[^footnote3]: [https://www.pcmag.com/news/nordvpn-ad-banned-for-exaggerating-threat-of-public-wi-fi](https://www.pcmag.com/news/nordvpn-ad-banned-for-exaggerating-threat-of-public-wi-fi)
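Review bot: The "I have not verified the PoC myself." prompt is added at the very end of the post, after the closing NordVPN remark and directly above the footnotes, so a reader takes in the whole 0-Day and Confirmation description before learning that it is unverified. Move the blockquote and its `{: .prompt-warning }` line up to sit under the "# The 0-Day" heading, or immediately after the paragraph that describes what the PoC does, so the caveat is read together with the claim it qualifies.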