A serious vulnerability has surfaced affecting VPN connections on many systems. When exploited, it allows an attacker to sniff other users’ VPN data. The attacker can also hijack VPN-tunneled connections.

VPN Vulnerability Allows Connection Hijacking

Researchers from Breakpointing Bad and the University of New Mexico have discovered a serious vulnerability affecting VPN connections. An attacker on the network can exploit this vulnerability to hijack VPN connections and sniff users’ data. As explained in the researchers’ public disclosure, the vulnerability, CVE-2019-14899, affects most Linux and Unix-based systems, including Android and macOS.
In brief, conducting the attack requires the attacker to access four components. These include two components controlled by the attacker: the victim’s device and the access point (AP), and two other components outside the attacker’s control: the VPN server and the web server. The overall exploit behavior may vary between systems. On all vulnerable operating systems, the flaw is exploitable and ultimately allows the attacker to hijack TCP connections. More technical details about the attack and the list of vulnerable systems are available in the research team’s disclosure.

Possible Mitigations

The researchers plan to share a detailed paper on their findings in the future, after a workaround is implemented. For now, they have disclosed the vulnerability after informing the affected services, including WireGuard, systemd, OpenVPN, Apple, Google and Linux distros. Until a workaround is available, the researchers have shared some possible mitigations. These include:

- Turning reverse path filtering on
- Bogon filtering
- Encrypted packet size and timing
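For the first mitigation on Linux, the following script reports the reverse path filtering mode that is actually in effect on each interface. It is an added example, not code from the researchers' disclosure; the function names and the sample directory tree are constructed for illustration, and counting only strict mode as "on" is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit the effective rp_filter mode per interface.
# Kernel semantics: 0 = off, 1 = strict, 2 = loose; the value applied to an
# interface is the maximum of conf/all/rp_filter and conf/<iface>/rp_filter.

rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Prints "<iface> <effective-value> <mode>" for each interface under the
# given conf directory. Returns 1 if any interface is not in strict mode
# (assumption of this example: only strict counts as "on").
audit_rp_filter() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    status=0
    all=$(cat "$conf_dir/all/rp_filter" 2>/dev/null) || all=0
    for path in "$conf_dir"/*/rp_filter; do
        [ -r "$path" ] || continue
        iface=$(basename "$(dirname "$path")")
        # "all" and "default" are templates, not real interfaces.
        case "$iface" in all|default) continue ;; esac
        own=$(cat "$path")
        if [ "$own" -gt "$all" ]; then eff=$own; else eff=$all; fi
        echo "$iface $eff $(rp_mode_name "$eff")"
        [ "$eff" -eq 1 ] || status=1
    done
    return "$status"
}

# Constructed sample tree (not real host data) so the script runs offline.
demo=$(mktemp -d)
for entry in all:0 default:2 eth0:1 tun0:0 wlan0:2; do
    mkdir -p "$demo/${entry%%:*}"
    echo "${entry##*:}" > "$demo/${entry%%:*}/rp_filter"
done
audit_rp_filter "$demo" || echo "at least one interface is not in strict mode"
# On a real Linux host, call audit_rp_filter with no argument.
```

Because the kernel applies the larger of the two values, setting only `net.ipv4.conf.all.rp_filter=1` does not make an interface strict if its own value is 2; that interface has to be set to 1 as well.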