#LeviathanSecurity

2024-05-07

Leviathan Security Group has identified a critical vulnerability, CVE-2024-3661, known as TunnelVision. This flaw can compromise the security of Virtual Private Networks (VPNs) by allowing attackers to reveal routing details, potentially leading to a complete VPN leak. The vulnerability works across most platforms, excluding Android, and requires a rogue DHCP server to exploit. It's suggested that the vulnerability could date back to 2002, highlighting its long-standing presence. To mitigate this issue, several potential fixes are proposed, including using network namespaces, implementing firewall rules, ignoring DHCP option 121, and utilizing hotspots or virtual machines. These measures aim to prevent attackers from manipulating traffic and compromising VPN security.

leviathansecurity.com/blog/tun

#cybersecurity #vpn #vulnerability #tunnelvision #cve #dhcp #network #namespace #firewall #hotspots #virtualmachines #leviathansecurity
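
The post names ignoring DHCP option 121 as one mitigation. As an added example (not code from the post or from Leviathan), this Python code decodes option 121 from a DHCP options field so a defender can see which routes a lease tries to install. It assumes the classless static route encoding of RFC 3442; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress

OPT_PAD, OPT_END, OPT_CLASSLESS_ROUTES = 0, 255, 121

def iter_dhcp_options(options: bytes):
    """Yield (code, value) pairs from a DHCP options field (after the magic cookie)."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            return
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        yield code, value
        i += 2 + length

def decode_option_121(value: bytes):
    """Decode RFC 3442 route descriptors into (network, gateway) tuples."""
    routes, i = [], 0
    while i < len(value):
        prefix_len = value[i]
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len}")
        n = (prefix_len + 7) // 8  # only the significant octets are transmitted
        if i + 1 + n + 4 > len(value):
            raise ValueError("truncated route descriptor")
        dest = int.from_bytes(value[i + 1 : i + 1 + n] + bytes(4 - n), "big")
        gateway = ipaddress.IPv4Address(value[i + 1 + n : i + 1 + n + 4])
        routes.append((ipaddress.IPv4Network((dest, prefix_len), strict=False), gateway))
        i += 1 + n + 4
    return routes

def routes_pushed_by_lease(options: bytes):
    """Return every route the lease carries in option 121 (empty list if none)."""
    # An option may be split across several instances; join them before decoding.
    blob = b"".join(v for c, v in iter_dhcp_options(options) if c == OPT_CLASSLESS_ROUTES)
    return decode_option_121(blob)

# Constructed sample: DHCPACK, subnet mask, router, and option 121 with two routes.
SAMPLE = bytes([53, 1, 5, 1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 1, 1,
                121, 13, 8, 10, 192, 168, 1, 254, 12, 172, 16, 192, 168, 1, 254, 255])
```

A non-empty result on a network where no static routes are expected is a signal to review the lease before trusting the VPN's routing.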
