Port Fail Vulnerability : Critical VPN Vulnerability
On November 26 Perfect Privacy disclosed the Port Fail vulnerability, which can lead to an IP address leak for clients of VPN services with a “port forwarding” feature.
Though some might argue that this is not a VPN vulnerability and just a Routing Feature .
[box ENGINE=”shadow” align=”” class=”” width=””]The news article published on Geektimes, which originally had a clickbait title, said that Private Internet Access — one of the biggest VPN service provider — paid $5000 for this “vulnerability”.[/box]
What could go wrong due to Port Fail Vulnerability?
A threat is posed only by the applications listening to incoming connections on a UDP port. There aren’t many of those applications on a regular home user’s PC. But usually there are at least some of them. So the threat is still eminent for most .
Here is an example on how this vulnerability exposes the real IP of any Skype user :
How Port Fail Vulnerability Exposes your REAL IP on SKYPE
Using Port Fail VPN Vulnerability it’s possible to disclose the real IP of a Skype accounts you’re interested in. There are a bunch of Skype IP resolvers which can give you the VPN IP address and port number of a Skype user using only their Skype login.
We have an Article recently published on the same : Link to Skype Resolver Tutorial
Then you need to use the same thing a copyright monitoring company would use — send some UDP packets to the whole internet on the exact port. It’s remarkable but Skype will send you a reply for almost any data! The nping utility from nmap package suits our needs very well:
# nping --udp -p 13318 --data-string 'hellothere!' -c 1 serv.valdikss.org.ru Starting Nping 0.7.00 ( https://nmap.org/nping ) at 2015-12-20 19:54 MSK SENT (0.0157s) UDP 195.154.127.59:53 > 92.42.31.8:13318 ttl=64 id=10802 iplen=39 RCVD (0.0859s) UDP 185.61.149.121:4272 > 195.154.127.59:53 ttl=54 id=1534 iplen=32 Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
So , conviniently the real IP adderess of any Skype user is easily recovered . That’s a different story what the hacker can do if he tracks your real IP. Always be careful with this VPN Vulnerability.