Jump to content
Not connected, Your IP: 3.146.65.134
fsy

Atlas VPN zero-day vulnerability leaks users' real IP address

Recommended Posts

Context: https://www.techradar.com/news/nord-security-snaps-up-atlas-vpn
I don't know what's worse here.

  • Unauthenticated web interface
  • lack of CSRF that would prevent such blind requests
  • the web interface on a localhost port
    • that browsers still allow access to without asking any permission-related questions
Regardless of the current fix, websites will be able to find out if the user is a user of Atlas VPN, without any IP matching.

And in the case it's used by the client, it's a giant red flag of qualification, business direction and security practices at Atlas and Nord as a whole. Now that Nord positions itself as a cybersecurity company especially in the B2B segment, I can't explain how they don't have processes in place to audit the design choices of their acquired companies. This further reinforces my position to avoid them entirely.

Share this post


Link to post
22 hours ago, Stalinium said:

And in the case it's used by the client, it's a giant red flag of qualification, business direction and security practices at Atlas and Nord as a whole. Now that Nord positions itself as a cybersecurity company especially in the B2B segment, I can't explain how they don't have processes in place to audit the design choices of their acquired companies. This further reinforces my position to avoid them entirely.


NordVPN? Those who had servers cracked no more than a few years ago because they ignored to check IPMI interfaces? 🤣
By golly, we live in a world where the head of the European Central Bank is a convicted person found guilty in court for negligence in finance-related crimes when she was Minister of Finance in France, a world where the planet's largest company offering privacy-oriented VPN services favored clickware and adware spreading and infections, so NordVPN cucks recycling themselves as security experts is clearly a very proper and natural action. 😏

I realize now I opened this topic on the wrong forum, I wanted to open it in "Other VPN competitors" and not here! Moderators help!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...