HotSpot Shield VPN Denies Vulnerability That Leaks Data to Hackers
Using a VPN is the need of the hour if you lot are living in a world where every online activity is existence tracked, monitored and access is controlled by governments and corporations. Merely what happens when the VPN itself is leaking the data information technology is supposed to be protecting?
Well, that is the question staring at us today with the news of a serious vulnerability in HotSpot Shield VPN which is used past more than 500 million people effectually the globe.
The vulnerability which is listed as CVE-2018-6460 on the National Vulnerability Database in the United states of america, allows hackers to collect data about the user's systems on which the HotSpot Shield VPN is running. The bug also allows hackers to find when the user is connecting to the VPN and even reveals the location of the user which completely defeats the purpose of using a VPN.
The bug was offset establish by the spider web awarding security researcher and penetration tester Paulos Yibelo, who in a weblog mail detailed the characteristics of the vulnerability. In the blog mail service, Paulos Yibelo wrote that,
"While analyzing this application, I noticed its riddled with bugs that allow sensitive data disclosure and easy compromise."
Further, he takes a deep dive into the technical aspect of the bug:
"Hotspot Shield when turned on runs its own web server to communicate with its ain VPN client. The server runs on a hardcoded host 127.0.0.ane and port 895. Information technology hosts sensitive JSONP endpoints that return multiple interesting values and configuration data. "
According to Paulos, this generates a JSON response with details of the user, the VPN service being used, the real IP address and other system data.
AnchorFree which is the parent company of HotSpot Shield VPN responded by saying that the vulnerability doesn't reveal whatsoever IP data. Yet, in a statement given to ZDNet by Tim Tsoriev, VP of AnchorFree, accepted that the vulnerability does exist and may expose some generic information.
It still unclear equally to how deeply this vulnerability affects the electric current users of HotSpot Shield VPN, that said until the company releases a fix, it would be better if users terminate using the VPN for security purposes.
Source: https://beebom.com/hotspot-shield-vpn-vulnerability/
Posted by: andersonthumbeth1938.blogspot.com
0 Response to "HotSpot Shield VPN Denies Vulnerability That Leaks Data to Hackers"
Post a Comment