SaferVPN silently fixed a DoS vulnerability

The VPN provider SaferVPN has patched a denial of service (DoS) vulnerability in its software after a bug was discovered by a security re...

The VPN provider SaferVPN has patched a denial of service (DoS) vulnerability in its software after a bug was discovered by a security researcher.

The vulnerability, tracked as CVE-2020-25744, was first disclosed to the company at the beginning of September by a security researcher who goes by the handle mmht3t. However, as SaferVPN silently fixed the bug with the release of version 5.0.3.3 of its VPN client, mmht3t has gone ahead and publicly disclosed the vulnerability in a recent post on Medium.

Versions of the company's VPN software before 5.0.3.3 contain a vulnerability that could allow low-privileged users to create or overwrite arbitrary files which could be exploited to launch DoS attacks.

According to mmht3t, SaferVPN users have full control over the VPN software's log folder and they can delete all of the files contained within it and create a symbolic link pointing to a high privileged file such as c:\Windows\win.ini on their Windows PC. If a user does this, the contents of the log file will be overwritten on the high privileged file.

Lack of recognition

What makes this particularly vulnerability disclosure so interesting is the fact that mmht3t responsibly disclosed the bug he found to SaferVPN and was not credited for his discovery.

VPN providers and other companies often create their own bug bounty programs or use platforms like HackerOne to do so. This allows security researchers to get paid for the bugs they find while also helping them to improve their software.

After discovering the bug in SaferVPN's Windows client, mmht3t emailed the company to inform them of the situation and then sent details about the vulnerability when requested. However, he then tried to follow up with the company twice and they did not respond on both occasions. Instead SaferVPN quietly patched the bug with the release of  version 5.0.3.3 of its VPN client. It was then that mmht3t decided to publicly disclose the bug which led to the vulnerability being assigned a CVE.

TechRadar Pro has reached out to SaferVPN in regard to the matter but we've yet to hear back at the time of writing.

  • We've also highlighted the best VPN services


from TechRadar - All the latest technology news https://ift.tt/3hVY5Zh
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,184,Video,5,XIAOMI,13,YouTube - 9to5Google,183,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: SaferVPN silently fixed a DoS vulnerability
SaferVPN silently fixed a DoS vulnerability
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/09/safervpn-silently-fixed-dos.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/09/safervpn-silently-fixed-dos.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy