Don Caprio

A Major VPN Flaw Exposes Users’ Real IP Addresses

You are here: Home / Computers & Internet / Internet Security / A Major VPN Flaw Exposes Users’ Real IP Addresses
Posted by Wale Adekile . Posted on: at .

A major VPN flaw has just been discovered and according to a recent research, VPN users now risk exposing their real IP address. The newly discovered flaw, if exploited, can expose a user’s real IP address and identity. People around the world use Virtual Private Networks to hide their IP addresses, protect their privacy and stay secure on the internet but according to the research by Perfect Privacy, this flaw may be exploited by hackers, censorship agencies, cyber criminals and authorities to detect a user’s real IP address, defeating the main purpose of VPN usage.

vpn flaw
Image credit: Int’l Herald Tribune

Due to censorship laws in different countries around the world, VPN usage has been on the rise. Many users too who prefer to keep their identity private now use Virtual Private Networks. According to Perfect Privacy:

The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work. If another user (the attacker) has port forwarding activated for his account on the same server, he can find out the real IP addresses of any user on the same VPN server by tricking him into visiting a link that redirects the traffic to a port under his control.

Also note that due to the nature of this attack all VPN protocols (IPSec, OpenVPN, PPTP, etc.) and all operating systems are affected.

If your VPN provider offers port forwarding and has no protection against this specific attack, you stand the risk of exposing your real IP address. A lot of providers are affected with by flaw. This is how it works: A victim’s real IP address can easily get exposed if a potential attacker uses the same VPN as the victim and traffic is being forwarded on a specific port. According to Perfect Privacy, there’s a way to fix this which VPN providers should employ:

  • Have multiple IP addresses, allow incoming connections to ip1, exit connections through ip2-ipx, have portforwardings on ip2-ipx
  • On Client connect set server side firewall rule to block access from Client real IP to portforwardings that are not his own.

A lot of providers are already fixing this but if your provider still isn’t doing anything, now may be a good time to inform them.