When you connect to the Internet, there is a potential risk that someone might be snooping on your activities, or an attacker is phishing for your important information. Believe it or not. It happens.
That is why people who value their online privacy very much use security tools and software. There are free security tools and software, but if they are free it means the services that they provide are either limited, or they need something (usually your data) from you. Which is not really good. That is why, even though some of these tools and software are expensive, users and companies are willing to pay just to ensure that they have a secured connection.
One of these security methods is a
Sounds great right? It is!
What would happen if you didn’t read our reviews of the best VPNs and chose a
ProtonVPN and NordVPN system vulnerabilities
ProtonVPN and NordVPN are two popular VPNs, but despite their popularity they are under fire for having vulnerabilities in their
It was found out by researchers recently that both ProtonVPN and NordVPN have bugs. These bugs are a good opportunity for attackers to intercept
The vulnerabilities found on ProtonVPN and NordVPN are done through a Windows admin escalation security flaw discovered by VerSprite and was tagged as CVE-2018-10169.
NordVPN and Proton
VPN create security patches
To resolve this security problem, both companies have already applied security patches, but it seems that these patches were not enough to solve the entire problem. Since these patches are like a temporary fix, it is still possible for attackers to exploit and execute arbitrary codes via different means, not to mention how it can go after those who have not updated with the patch – if you’re reading this and you use these VPNs it time to update!
It was also found out that the bugs were caused because both software has the same design issues. Both ProtonVPN and NordVPN use execute binaries that have a logged-in user interface. They also both have a
This is where the danger happens. Attackers can control the OpenVPN command line and intercept the connection or sending of information. They can send malicious data on the OpenVPN command line so that they can control or tamper with the
Patches on software vulnerabilities
Since both ProtonVPN and NordVPN have the same design, they both created the same patch on the OpenVPN configuration file.
However, upon the investigation of Cisco Talos researchers, they found out that these patches contained flaws. These flaws can allow attackers to revert the patch or the fix.
Testing was done on the 18.104.22.168 version of NordVPN as well as 1.5.1 version of ProtonVPN. During the testing, security researchers found out that the original fix or patch made in both versions can still be easily hacked or intercepted:
- The first bug that was found out was CVE-2018-3952. It was found on NordVPN. If the bug is found by attackers, it can potentially harm NordVPN’s users.
- On the other hand, the bug found on ProtonVPN is CVE-2018-4010. Though ProtonVPN is really new in the
VPNindustry, it can still affect its hundreds of users.
- Both CVE-2018-3952 and CVE-2018-4010 can result in arbitrary command execution.
Since NordVPN is an experienced
Update your software now
Clients of both VPNs are advised and encouraged to update their software to avoid any interception of information or possible hacking.
Even though vulnerabilities were found on both
However, ProtonVPN reminds its clients to update to the latest versions of their software to ensure that their
Even though patches and fixes were made, both software still continue to monitor the situation, and create ways to make their products more secure to avoid potential hacking. If any of this has put you off these two providers, see our reviews of the Top 10 Providers for a new VPN.