A zero-day vulnerability in the Atlas VPN Linux client has been disclosed that lets a malicious website drop the VPN connection and expose the user's real IP address. The flaw was published on Reddit, together with exploit code, by the individual who discovered it.
What is Atlas VPN?
Atlas VPN is a popular VPN service that offers both free and premium solutions to users, allowing them to change their IP addresses and encrypt their online connections. The service is available across a range of platforms including Windows, macOS, Linux, Android, iOS, Android TV, and Amazon Fire TV.
The Vulnerability Explained
The vulnerability affects version 1.0.3 of the Atlas VPN client for Linux. The Linux client is split into two parts: a daemon (atlasvpnd) that manages the connections and a command-line client (atlasvpn) that users run to connect, disconnect, and list services. The problem is that the control API the client relies on is exposed on localhost, port 8076, without any form of authentication. Any program running on the computer can therefore send commands to that port, and that includes the user's web browser, which will issue HTTP requests to 127.0.0.1:8076 on behalf of whatever web page it happens to be rendering.
In practical terms, a script on any website the user visits can make the browser send a request to this port that tells the VPN to disconnect. The browser's same-origin policy only prevents the page from reading the response; the request itself is still delivered, so the tunnel goes down regardless. From that moment the user's traffic, including the browser's own requests to the attacker's site, leaves over the normal connection and reveals the real IP address. The attack only works against a user who is running version 1.0.3 of the Linux client and visits the malicious page while the VPN is connected.
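To make the failure concrete, the following is an added example written for this article, not Atlas VPN's code and not the proof of concept posted on Reddit. It stands up a toy localhost "VPN control" API in Python in the unauthenticated style described above, then the same API with two checks added: browser-originated requests (those carrying an Origin header) are refused, and every caller must present a secret that only the local user could have read from disk. The /disconnect path, the use of an ephemeral port instead of 8076, and the bearer-token scheme are assumptions made for illustration.

```python
"""Added example: a toy localhost 'VPN control' API in the unauthenticated
style the article describes, beside a hardened variant. This is not Atlas
VPN's code and not the Reddit proof of concept; the /disconnect path, the
ephemeral port and the bearer-token scheme are assumptions for illustration."""
import secrets
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

DISCONNECT_PATH = "/disconnect"   # hypothetical; the real endpoint is not on this page


class ControlServer(HTTPServer):
    """Fake daemon state: tunnel up/down plus an optional auth token."""

    def __init__(self, addr, handler, token):
        super().__init__(addr, handler)
        self.token = token        # None => 1.0.3-style, no authentication at all
        self.connected = True


class ControlHandler(BaseHTTPRequestHandler):
    def log_message(self, fmt, *args):   # keep the demo quiet
        pass

    def _reply(self, status, text):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(text.encode())

    def do_POST(self):
        if self.path != DISCONNECT_PATH:
            self._reply(404, "unknown endpoint")
            return
        token = self.server.token
        if token is not None:
            # A request carrying Origin was issued by a browser on behalf of
            # some web page; a local CLI talking to its daemon never sends one.
            if "Origin" in self.headers:
                self._reply(403, "browser-originated request rejected")
                return
            # The caller must also present a secret that only a process with
            # the local user's file access could have read (e.g. a 0600 file).
            if self.headers.get("Authorization") != f"Bearer {token}":
                self._reply(401, "missing or invalid token")
                return
        # Unauthenticated mode reaches this point for any POST whatsoever.
        self.server.connected = False
        self._reply(200, "tunnel down")


def start(token=None):
    """Listen on 127.0.0.1 with an ephemeral port (the real client used 8076)."""
    srv = ControlServer(("127.0.0.1", 0), ControlHandler, token)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def stop(srv):
    srv.shutdown()
    srv.server_close()


def post(srv, headers=None):
    """POST to the control API the way a page's <form> or fetch() would."""
    conn = HTTPConnection("127.0.0.1", srv.server_port, timeout=5)
    conn.request("POST", DISCONNECT_PATH, body=b"", headers=headers or {})
    status = conn.getresponse().status
    conn.close()
    return status


def demo():
    """Replay the article's scenario against both server variants."""
    from_page = {"Origin": "https://attacker.example"}   # constructed header

    vuln = start()
    result = {"vuln_status": post(vuln, from_page),
              "vuln_dropped": not vuln.connected}
    stop(vuln)

    token = secrets.token_hex(16)        # would live in a 0600 file on disk
    hard = start(token)
    result["hard_browser"] = post(hard, from_page)
    result["hard_no_token"] = post(hard)
    result["hard_survived"] = hard.connected
    result["hard_cli"] = post(hard, {"Authorization": f"Bearer {token}"})
    result["hard_dropped_by_cli"] = not hard.connected
    stop(hard)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>20}: {value}")
```

The two checks cover two different callers. The Origin check stops web pages: cross-origin protections in the browser only withhold the response from the page, they do not stop the POST from being delivered, so a local API that acts on a bare request has already lost by the time the browser blocks the reply. The token stops every other local process, which the article notes can also reach the port. A Unix domain socket with file permissions achieves both with less code, since a browser cannot open one on behalf of a page.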
Chris Partridge, a renowned security engineer, tested and confirmed the exploit, demonstrating its potential harm.
Company’s Response
Atlas VPN has acknowledged the vulnerability. Rūta Čižinauskaitė, the company’s head of communications, stated that they are actively working on a fix. She emphasized that once the flaw is addressed, users will be prompted to update their Linux app to the latest version.
Furthermore, the IT Department at Atlas VPN has publicly apologized for their delayed response after the researcher initially reached out to them. They have committed to refining their processes to ensure quicker reactions to such disclosures in the future.
Atlas VPN also plans to incorporate more security checks in their development process to prevent such vulnerabilities. They have urged researchers and others to report potential threats related to their service at security@atlasvpn.com.
Conclusion
This incident serves as a reminder of the importance of cybersecurity vigilance and the need for companies to prioritize user safety. Users of Atlas VPN on Linux are advised to stay updated and watch out for the forthcoming patch to address this vulnerability.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.