New Vulnerability Lets Attackers Hijack VPN Connections on Most UNIX Systems
|
|
Security researcher William J. Tolley has reported a new vulnerability that appears to allow attackers to hijack VPN connections on most UNIX-based operating systems using either OpenVPN, WireGuard, or IKEv2/IPSec VPN solutions.
|
|
Affecting most GNU/Linux distributions, as well as FreeBSD, OpenBSD, Android, iOS and macOS systems, the new security vulnerability could allow a local attacker to determine if another user is connected to a VPN (Virtual Private Network) server and whether or not there's an active connection to a certain website.
The vulnerability (CVE-2019-14899) is exploitable with adjacent network access, which requires the attacker to have access to either the broadcast or collision domain of the vulnerable operating system, and lets attackers to hijack connections by injecting data into the TCP (Transmission Control Protocol) stream. Full Story |
This topic does not have any threads posted yet!
You cannot post until you login.
