dogloose

A Virtual Private Network (VPN) is the need of the hour[1] if you want to hide your identity on the Internet. But in a fresh discovery, a security researcher has found that users opting for Hotspot Shield, which claims to have over 500 million users worldwide, are at risk as the VPN client is disclosing their sensitive information.

The vulnerability, listed as CVE-2018-6460 on the National Vulnerability Database in the US, lets attackers extract details about the system on which Hotspot Shield is running. Because of the bug, attackers can also figure out whether the user is connected to the VPN and from which location. AnchorFree, the company behind Hotspot Shield, has reportedly acknowledged the flaw to an extent and promised an update to protect its users.

Web application security researcher and penetration tester Paulos Yibelo, who spotted[2] the Hotspot Shield bug, revealed the VPN client hosts sensitive JSONP endpoints on its native Web server that return various values and configuration data. All this could help a potential attacker to obtain sensitive information secretly. "User-controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address," reads[3] the description of the vulnerability.

Folks at ZDNet were able to verify the presence of the vulnerability by using the proof-of-concept code developed by Yibelo. The proof-of-concept code calls a JavaScript file hosted on Hotspot Shield's web server, which is installed on the user's computer, to return sensitive data, including configuration details of the machine.
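The weak pattern described above (a local web server answering JSONP requests with an unfiltered callback parameter) next to one way to close it, as an added example that is not Hotspot Shield's or the researcher's code. The handler names, the token and its header name, and the status fields are hypothetical, and the sample data is constructed.

```javascript
// Added example. All names (weakStatus, hardenedStatus, INSTALL_TOKEN, the
// status fields) are hypothetical; the sample data is constructed.
const INSTALL_TOKEN = "constructed-per-install-secret"; // random per install in practice
const state = { connected: true, server: "example-node", realIp: "203.0.113.7" };

// Weak pattern: any caller picks the callback name and receives every field as
// executable script, so a <script src> tag on any web page can read it.
function weakStatus(req) {
  return { status: 200, headers: { "Content-Type": "application/javascript" },
           body: `${req.params.func}(${JSON.stringify(state)});` };
}

// Length-checked comparison without an early exit on the first mismatch.
function safeEqual(a, b) {
  if (typeof a !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function deny(status, body) {
  return { status, headers: { "Content-Type": "text/plain" }, body };
}

function hardenedStatus(req) {
  // 1. Loopback Host only, so a rebound DNS name cannot reach the endpoint.
  const host = String(req.headers.host || "").replace(/:\d+$/, "");
  if (host !== "127.0.0.1" && host !== "localhost") return deny(403, "bad host");
  // 2. No JSONP: a callback parameter is refused instead of being filtered.
  if (req.params.func !== undefined) return deny(400, "callbacks not supported");
  // 3. Secret in a custom header: a script tag cannot set headers, and a
  //    cross-origin fetch with one needs a CORS preflight this server never grants.
  if (!safeEqual(req.headers["x-status-token"], INSTALL_TOKEN)) return deny(401, "no token");
  // 4. Return data, not script, and only the field the local UI needs.
  return { status: 200,
           headers: { "Content-Type": "application/json",
                      "X-Content-Type-Options": "nosniff" },
           body: JSON.stringify({ connected: state.connected }) };
}
```

The hardened handler never echoes caller input into the response, so there is no callback name left to filter.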

While Yibelo claims that he was...

Read more from our friends at NDTV/Gadgets