VPN users be aware, Port Fail flaw can reveal your identity

Pierluigi Paganini November 27, 2015

Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail that could be exploited to de-anonymize VPN users.

Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail that affects all VPN (Virtual Private Network) protocols and operating systems. An attacker can exploit the Port Fail flaw to reveal the real IP addresses of VPN users, including BitTorrent users.

Experts at Perfect Privacy tested nine VPN providers, five of which were found to be vulnerable to the Port Fail flaw. The providers Private Internet Access (PIA), Ovpn.to and nVPN fixed the issue before publication.

The experts at Perfect Privacy explained that the vulnerability is a simple port forwarding issue that affects all services that implement the “port forwarding” feature and do not implement any defensive mechanism. Port Fail affects all VPN protocols, including IPSec, OpenVPN and PPTP.

“We have discovered a vulnerability in a number of providers that allows an attacker to expose the real IP address of a victim. Port Fail affects VPN providers that offer port forwarding and have no protection against this specific attack.” Perfect Privacy wrote in a blog post on Thursday.

Basically, if the attacker uses the same VPN as the victim, then the real IP address of the targeted user can be exposed by forwarding Internet traffic to a specific port. A successful Port Fail attack also requires knowing the victim’s VPN exit IP address, information that is quite easy to discover by tricking a victim into visiting a website controlled by the attacker.


“The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work,” continues the post.

The attack also works against BitTorrent users, and in this scenario the attacker does not need to redirect the victim to their page: an attacker who has activated port forwarding for the default BitTorrent port can discover the real IP address of a VPN user who shares the same network.
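A VPN operator can look for this condition in its own connection records: an inbound connection that reaches one customer's forwarded port from the real IP address of a different connected customer. The following is an added example, not code from Perfect Privacy or the original article; the record layout, account names and addresses are constructed, and port 6881 is an assumed stand-in for the default BitTorrent port.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Session:            # a connected VPN client (hypothetical record layout)
    account: str
    real_ip: str          # address the client's tunnel connection comes from

@dataclass(frozen=True)
class Forward:            # a port-forwarding rule on the VPN exit address
    account: str
    port: int

@dataclass(frozen=True)
class Hit:                # an inbound connection logged on the exit address
    src_ip: str
    dst_port: int

def find_port_fail_leaks(sessions, forwards, hits):
    """Return (exposed_account, forward_owner, port) for every inbound hit
    that reaches one customer's forwarded port from the real IP of a
    different, currently connected customer."""
    owner_by_port = {f.port: f.account for f in forwards}
    accounts_by_ip = {}
    for s in sessions:
        accounts_by_ip.setdefault(ip_address(s.real_ip), set()).add(s.account)
    leaks = []
    for h in hits:
        owner = owner_by_port.get(h.dst_port)
        accounts = accounts_by_ip.get(ip_address(h.src_ip), set())
        # Skip ports with no forward, sources that are not customers, and
        # owners reaching their own forward (including from a shared NAT).
        if owner is None or not accounts or owner in accounts:
            continue
        leaks.extend((a, owner, h.dst_port) for a in sorted(accounts))
    return leaks

# Constructed sample data (documentation address ranges, made-up accounts).
SESSIONS = [Session("acct-a", "198.51.100.7"), Session("acct-b", "203.0.113.50")]
FORWARDS = [Forward("acct-b", 6881)]
HITS = [
    Hit("198.51.100.7", 6881),   # acct-a's real IP lands on acct-b's forward
    Hit("203.0.113.50", 6881),   # owner testing its own forward
    Hit("192.0.2.99", 6881),     # ordinary Internet peer, not a customer
    Hit("198.51.100.7", 443),    # no forward on this port
]

if __name__ == "__main__":
    for exposed, owner, port in find_port_fail_leaks(SESSIONS, FORWARDS, HITS):
        print(f"real IP of {exposed} exposed to {owner} via forwarded port {port}")
```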

The VPN providers affected by the vulnerability have already been alerted by the company, but there is a risk that many other providers suffer from the issue.

“Other VPN providers may be vulnerable to this attack as we could not possibly test all,” states Perfect Privacy.

I suggest taking a look at a blog post published by the penetration tester Darren Martyn describing the Port Fail attack scenario against Torrent users.

“I believe this kind of attack is probably going to be used heavily by copyright-litigation firms trying to prosecute Torrent users in the future, so it is probably best to double check that the VPN provider you are using does not suffer this vulnerability,” explained Martyn.

Pierluigi Paganini

(Security Affairs – VPN, Port Fail)


