steven36 Posted September 28, 2018 Share Posted September 28, 2018 The PureVPN client for Windows is impacted by two vulnerabilities that result in user credential leak, a Trustwave security researcher has discovered. The bugs, Trustwave’s Manuel Nader says, may allow a local attacker to retrieve the stored password of the last user who successfully logged in to the PureVPN service. The attack is performed directly through the GUI (Graphical User Interface), without the need of another tool. For the attack to work, the PureVPN client should have a default installation, the attacker should have access to any local user account, and a user should have successfully logged in to the PureVPN using the client on a Windows machine. When disclosing another user’s credentials in a multiuser environment, the Windows machine should have more than one user. The security researcher discovered that, in version 5.18.2.0 of the PureVPN Windows client, the user password is revealed in the application’s configuration window. To retrieve the password, the attacker simply needs to open the PureVPN client, access the configuration window, open the "User Profile" tab, and click on "Show Password." The researcher also discovered that the PureVPN client for Windows stores the login credentials (username and password) in plaintext in a login.conf file located at 'C:\ProgramData\purevpn\config\. What’s more, all local users have permissions to read this file, the researcher discovered. The issues were disclosed to the vendor in mid-August 2017. A patch was released in June 2018. PureVPN users on Windows are advised to update to version 6.1.0 or later, as this iteration removes the plaintext password vulnerability. “The vendor has accepted the risks of the password being revealed in the client's configuration window,” Nader says. Source Link to comment Share on other sites More sharing options...
I4rg£8all8ag Posted September 30, 2018 Share Posted September 30, 2018 The issues were disclosed to the vendor in mid-August 2017. A patch was released in June 2018. WOW, them guys work like lightning. Link to comment Share on other sites More sharing options...
mkc21 Posted September 30, 2018 Share Posted September 30, 2018 to think I paid for this crap of vpn which doesn't work so well btw Link to comment Share on other sites More sharing options...
steven36 Posted September 30, 2018 Author Share Posted September 30, 2018 6 hours ago, I4rg£8all8ag said: The issues were disclosed to the vendor in mid-August 2017. A patch was released in June 2018. But the vulnerabilities it had was not allowed to be released to the public tell September 28, 2018 because its a closed source app.. they have 90 days to patch after being told , VPNs patch stuff all the time but dont disclose the 0 day tell 3 months latter. this is one of the rare cases were they patched it as soon as they found out about it. It was leaking info for almost a year before they patched it and it was in the vpn best interest that it don't be leaking info were people can pirate there vpn. https://www.trustwave.com/Resources/SpiderLabs-Blog/Credential-Leak-Flaws-in-Windows-PureVPN-Client/ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.