Earlier this month, computer security researchers at Cisco Talos publicly disclosed their discovery of two security vulnerabilities that affected two of the world’s top Virtual Private Network (VPN) providers. The two VPN providers that had been affected were NordVPN and ProtonVPN. Both of the vulnerabilities discovered by the researchers from Cisco Talos were related to another vulnerability that had been previously discovered by researchers from VerSprite and was publicly disclosed in April of this year. The vulnerability that researchers from VerSprite had discovered earlier this year is known as CVE-2018-10169. The CVE-2018-10169 vulnerability affected ProtonVPN users who ran the VPN software on Microsoft’s Windows operating systems.
The two new vulnerabilities discovered by Cisco Talos researchers similarly only affected NordVPN and ProtonMail users who were running Microsoft Windows operating systems. The two vulnerabilities are known as CVE-2018-3952, which affected the NordVPN client for Microsoft Windows, and CVE-2018-4010, which affected the ProtonVPN client for Microsoft Windows. It also appears that these vulnerabilities only affected people who ran the NordVPN or ProtonMail clients, and not users who connected to the VPN servers directly through OpenVPN. Both NordVPN and ProtonVPN offer their users special clients which they can download and then use to select options such as which protocol or server location to use. When a user picks which VPN configuration they want to use and clicks on the connect button, the client then executes the OpenVPN client using the proper VPN configuration file, with administrator privileges.
The original advisory released by VerSprite in April does not make entirely clear whether the first vulnerability also affected the NordVPN client for Microsoft Windows operating systems. However, it does appear that could be the case, as researchers from Cisco Talos stated that both ProtonVPN and NordVPN released updates for their VPN clients for Microsoft Windows which patched the CVE-2018-10169 vulnerability. In fact, the researchers stated that NordVPN and ProtonVPN used the exact same patch to stop the first vulnerability. The researchers from Cisco Talos explained in their press release that they were able to easily bypass the versions of the NordVPN and ProtonVPN clients for Microsoft Windows that had been patched to fix the vulnerability discovered in April of this year.
The versions of the VPN clients on which the Cisco Talos researchers tested the vulnerabilities were version 220.127.116.11 of the NordVPN client for Microsoft Windows operating systems, and version 1.5.1 of the ProtonVPN client for Microsoft Windows operating systems. The two VPN service providers chose to implement different patches to address the vulnerabilities discovered by the Cisco Talos researchers. NordVPN patched their vulnerable VPN client by using an XML model to generate OpenVPN configuration files.
The XML template that NordVPN uses cannot be edited by regular users. ProtonVPN chose to patch their VPN client by placing the OpenVPN configuration files in the installation directory, which cannot be modified by regular users.
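As an added illustration, not code from either vendor's client, this shows the kind of check a privileged launcher can make before handing a configuration file to OpenVPN: the file must resolve inside a trusted directory, and neither it nor any directory between there and the trusted root may be modifiable by regular users. It assumes POSIX ownership and mode bits (the Windows equivalent is an ACL check, left aside here); the function and fixture names are mine, and the fixture uses constructed temp directories owned by the current user.

```python
import os
import stat
import tempfile

_GROUP_OR_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH   # write bits for non-owners


def _modifiable_only_by(path: str, trusted_uid: int) -> bool:
    """True if path is owned by trusted_uid and has no group/other write bit."""
    st = os.stat(path)
    return st.st_uid == trusted_uid and not (st.st_mode & _GROUP_OR_OTHER_WRITE)


def is_trusted_config(config_path: str, trusted_dir: str, trusted_uid: int = 0) -> bool:
    """Accept only a file inside trusted_dir whose whole path regular users cannot modify."""
    root = os.path.realpath(trusted_dir)      # realpath resolves ../ and symlinks
    real = os.path.realpath(config_path)
    if real == root or os.path.commonpath([root, real]) != root:
        return False                          # escapes the trusted directory
    if not os.path.isfile(real):
        return False
    current = real                            # walk upwards: a writable parent would
    while True:                               # let a regular user swap the whole file
        if not _modifiable_only_by(current, trusted_uid):
            return False
        if current == root:
            return True
        current = os.path.dirname(current)


def demo_results() -> dict:
    # Constructed fixture: temp dirs owned by the current user stand in for the
    # installation directory, so trusted_uid is os.getuid() rather than root.
    uid = os.getuid()
    trusted, outside = tempfile.mkdtemp(), tempfile.mkdtemp()   # mode 0700
    good = os.path.join(trusted, "server.ovpn")
    evil = os.path.join(outside, "evil.ovpn")
    for p in (good, evil):
        with open(p, "w") as f:
            f.write("client\n")
        os.chmod(p, 0o644)
    link = os.path.join(trusted, "link.ovpn")
    os.symlink(evil, link)                    # inside the trusted dir, points outside
    dotdot = os.path.join(trusted, "..", os.path.basename(outside), "evil.ovpn")
    results = {
        "protected_file": is_trusted_config(good, trusted, uid),
        "traversal": is_trusted_config(dotdot, trusted, uid),
        "symlink_out": is_trusted_config(link, trusted, uid),
        "wrong_owner": is_trusted_config(good, trusted, uid + 1),
    }
    os.chmod(good, 0o666)                     # now any local user could rewrite it
    results["world_writable"] = is_trusted_config(good, trusted, uid)
    return results
```

Only the first case is accepted; the traversal, symlink, wrong-owner and world-writable cases are all rejected before anything privileged runs.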
According to TechRadar, NordVPN also issued a second patch in August to address all three of the vulnerabilities.
Earlier this month ProtonVPN released a patch for the new vulnerability discovered by Cisco Talos researchers. Users of both VPN clients had been urged to update after the patches had been released. Researchers believe that most VPN users had been protected from the vulnerabilities. “We have not seen any evidence of this being exploited in the wild, as a user’s computer needs to first be compromised by a hacker before this bug can be exploited,” a spokesperson for ProtonVPN told reporters from ZDNet. If you use a VPN client from NordVPN or ProtonVPN on a Microsoft Windows operating system, be sure to update to the latest version available.
NordVPN currently has a 91% rating on DeepDotWeb’s VPN Comparison Chart, which happens to be the second-best rating of all VPNs that have currently been reviewed on DeepDotWeb. This VPN service is operated by Telefincom co S.A. and it is located in Panama. The company operates 108 VPN servers that are located inside of 24 different countries, some of which include the United States, Canada, the United Kingdom, France, Germany, Brazil, Switzerland, Hong Kong, as well as a variety of servers that are in other locations. The latest version of the NordVPN VPN client for Microsoft Windows operating systems is version 6.17.6, which has been patched to protect against all of the vulnerabilities mentioned in this article.
ProtonVPN is a VPN service that launched during the summer of last year. This VPN service is operated by Proton Technologies AG, the Swiss company that is also behind the free end-to-end encrypted email provider ProtonMail. Proton Technologies AG and its subsidiaries were founded by a group of scientists from CERN. ProtonVPN operates 295 VPN servers which are located in 25 different countries. The company offers both free and paid VPN accounts. The latest version of the ProtonVPN client for Microsoft Windows operating systems is version 1.6.3, and has been patched to protect against all of the vulnerabilities mentioned in this article.