A security researcher has published exploit code for AtlasVPN for Linux. This code could enable any hacker to disconnect a user and reveal their IP address by luring them to a website. AtlasVPN is a “freemium” service owned by NordVPN and is used by over 6 million people worldwide.
On September 1, an unidentified researcher posted exploit code for AtlasVPN Linux to the Full Disclosure mailing list and Reddit. This allowed any hacker to copy and paste this code to their own site and disconnect any AtlasVPN user from their private network and reveal their IP address. The point of a VPN is to mask this information, so this is a significant problem for users. The issue with AtlasVPN’s Linux client is improper authentication. The head of the IT department at AtlasVPN wrote that the company is fixing the issue via a response on Reddit. Linux client users will be notified and a patch will be released as soon as possible.
Read More: AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses