
Atlas VPN zero-day: leaks users' IP address

A zero-day vulnerability in Atlas VPN affects the Linux client, causing a user's actual IP address to be leaked simply by visiting a website.


Atlas VPN

Atlas VPN is a VPN product that provides a cost-effective solution based on WireGuard and supports all major operating systems.

In a post on Reddit, a researcher describes an exploit against the Atlas VPN Linux client. Specifically, he reports that the latest version, 1.0.3, exposes an API endpoint on localhost (127.0.0.1) on port 8076.

This API provides a command-line interface (CLI) for performing various actions. Through this interface, you can disconnect a VPN session using the URL http://127.0.0.1:8076/connection/stop.

However, this API does not perform any authentication, allowing anyone to issue commands to the CLI, even a website you are visiting. A user with the name 'Educational-Map-8145' posted a PoC exploit on Reddit that abuses the Atlas VPN Linux API to reveal a user's real IP address.

The PoC creates an invisible form that is automatically submitted via JavaScript to the API endpoint URL at http://127.0.0.1:8076/connection/stop.

When you access this API endpoint, it automatically terminates any active Atlas VPN connections that are hiding a user's IP address.


IP address

After the VPN connection is disconnected, the PoC will connect to the URL api.ipify.org to record the actual IP address of the visitor.

This is a serious privacy oversight for any VPN user, as it reveals their actual physical location and real IP address, allowing others to track them and negating one of the main reasons for using a VPN provider.

Chris Partridge, a cybersecurity engineer at Amazon, tested and confirmed the exploit, creating a video to demonstrate that an IP address can be disclosed. Partridge explained that the PoC bypasses the existing CORS (Cross-Origin Resource Sharing) protections in web browsers because the requests are sent to the Atlas VPN API as form submissions.

Normally, CORS excludes requests that scripts on a site make to domains other than the site's originating domain. In this case, that means requests made from any site to the visitor's own localhost via the address "http://127.0.0.1:8076/connection/stop".

However, Partridge reported that using a form submission to "bypass" CORS does not allow the site to receive a response from the form submission. In this case, a response is not required. The form submission is simply used to reach the URL that disconnects the Atlas VPN connection on Linux.
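The gap described above sits on the API side: a state-changing localhost endpoint that acts on any request it receives. As an added example (not Atlas VPN's code and not part of the Reddit post), the Python function below shows checks such an API could apply before acting; the token scheme, header policy, function name and sample requests are all assumptions.

```python
import hmac

# Assumed policy for a hypothetical local control API; the port is the one
# named in the article, everything else here is illustrative.
ALLOWED_HOSTS = {"127.0.0.1:8076", "localhost:8076"}


def authorize(method, headers, token):
    """Decide whether a request to a state-changing endpoint such as
    /connection/stop may proceed. Returns (status, reason).

    `token` is a per-user secret that the CLI is assumed to read from a
    file only the local user can open."""
    h = {k.lower(): v for k, v in headers.items()}

    # DNS-rebinding guard: Host must name the loopback listener itself.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return 403, "unexpected Host header"

    # Browsers attach Origin to cross-site POSTs, HTML form submissions
    # included. The assumed CLI never sends it, so its presence means a
    # web page initiated the request.
    if "origin" in h:
        return 403, "browser-originated request"

    if method != "POST":
        return 405, "method not allowed"

    # HTML forms can only send urlencoded, multipart or text/plain bodies.
    # Requiring JSON means a script must trigger a CORS preflight instead.
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return 415, "unsupported content type"

    # The token is the primary control, since non-browser clients can set
    # any header they like. Compared in constant time.
    expected = ("Bearer " + token).encode()
    if not hmac.compare_digest(h.get("authorization", "").encode(), expected):
        return 401, "missing or invalid token"
    return 200, "ok"


# Constructed sample requests (header sets only).
TOKEN = "constructed-sample-token"
FORM_POST = {"Host": "127.0.0.1:8076", "Origin": "https://site.example",
             "Content-Type": "application/x-www-form-urlencoded"}
CLI_CALL = {"Host": "127.0.0.1:8076", "Content-Type": "application/json",
            "Authorization": "Bearer " + TOKEN}
```

With these checks, the cross-site form submission in `FORM_POST` is refused with 403, while the token-bearing `CLI_CALL` is accepted.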

Given the critical nature of this zero-day vulnerability, which remains exploitable until a code update is released, users of the Linux client are advised to take immediate preventative measures, including considering a VPN alternative.


Atlas VPN is a new player in the VPN world, providing reliable, fast, and secure connections to the internet. Although it offers many features, such as hiding the user's real IP address and protecting against DNS leaks, the recent discovery of the zero-day vulnerability shows that the software is not immune. It's crucial for VPN providers to fix any vulnerabilities quickly to protect their users' data and maintain their trust.

Absenta Mia