A new vulnerability has been discovered that affects many Virtual Private Network (VPN) services, specifically those that offer Port Forwarding (lots of them).
Essentially an attacker can expose your real IP address if they're on the same VPN provider by forwarding traffic on a specific port to the victims VPN IP address.
https://www.perfect-privacy.com/blo...affecting-vpn-providers-with-port-forwarding/
This one is quite significant as it affects a lot of VPN providers.
NOTE: It makes no difference if the victim has port forwarding activated or not, the VPN provider only needs to support the feature.
VPN providers should be able to adapt to this by adding a firewall rule at server level, which can block access to forwarded ports from clients’ real IP addresses.
Essentially an attacker can expose your real IP address if they're on the same VPN provider by forwarding traffic on a specific port to the victims VPN IP address.
https://www.perfect-privacy.com/blo...affecting-vpn-providers-with-port-forwarding/
This one is quite significant as it affects a lot of VPN providers.
NOTE: It makes no difference if the victim has port forwarding activated or not, the VPN provider only needs to support the feature.
VPN providers should be able to adapt to this by adding a firewall rule at server level, which can block access to forwarded ports from clients’ real IP addresses.