VPNs are a great tool for staying safe online, but do you know what risks they can pose? Learn about VPN flaws and how hackers can exploit them!
VPNs offer an excellent tool for keeping your security online, but do you know what risks they can bring? Discover VPN flaws and how hackers can exploit them!
In this article from The Hackernews, we'll talk about vulnerability discoveries. Researchers from cyber security discovered critical vulnerabilities in implementations of VPN industrial. Since they are used to provide remote access to operational technology (OT) networks, they could also allow hackers to overwrite data, execute malicious code and compromise industrial control systems (ICS).
Summary
Insecure connections and lack of encryption
A common flaw in VPNs arises when connections are not properly secured or encrypted. This means that hackers can access sensitive data because they pass through these unprotected connections instead of a secure server of VPNs.
Sensitive personal information can easily reach the hacker once they gain access to the network, resulting in the theft of personal data.
IP address spoofing and logging policies
Another danger to VPNs is that hackers can also cover up their own IP address and inject an IP. that can carry out fraud, track personal information or hack into other systems using your VPN's network without being detected.
It is important to be aware of the VPN's logging policy and the appropriate protection measures to prevent this type of attack.
Poor data protection and threats of malware infection
Lack of data protection can be another security threat if a VPN is used. If data is not properly encrypted and transmitted, it can be exposed to malicious actors on the Internet. In addition VPNs are vulnerable to malware infections if they have been designed with weak code that can be easily exploited by hackers.
It's important to use reliable VPN providers and check the protection measures taken to avoid malware infections or data leaks.
Vulnerabilities and flaws in VPNs
A new report published by industrial cybersecurity company Claroty demonstrates several serious vulnerabilities in enterprise-level (VPN) installations, including the Secomea GateManager M2M Server, the Moxa EDR-G902 and EDR-G903 and the eCatcher VPN client from HMS Networks eWon.
These vulnerable products are widely used in field industries, such as oil and gas, water services and electrical services, to remotely access, maintain and monitor ICS and field devices, including programmable logic controllers (PLCs) and input/output devices.
According to the Claroty researchers, successful exploitation of these vulnerabilities could give an unauthenticated attacker direct access to ICS devices and potentially cause some physical damage.
Critical vulnerability
In Secomean's GateManager, the researchers discovered several security flaws, including a critical vulnerability (CVE-2020-14500) that allows arbitrary data to be overwritten, arbitrary code to be executed or cause a DoS condition, commands to be executed as root and user passwords to be obtained due to the use of a weak hash type.
GateManager is a widely used ICS remote access server, deployed around the world as a cloud-based SaaS solution that allows users to connect to the internal Internet network via an encrypted tunnel, avoiding server configurations.
Critical failure in the Remote Access solution
The critical fault, identified as CVE-2020-14500, affects the GateManager component, the main routing instance in the Secomea remote access solution. The failure occurs due to improper handling of some of the HTTP request headers provided by the client.
This flaw can be exploited remotely and without requiring authentication to ensure remote code execution, which can result in full access to a client's internal network, in addition to the ability to decrypt all traffic passing through the VPN.
Remote Code Execution
On the Moxa EDR-G902 and EDR-G903 industrial VPN servers, the researchers discovered a stack-based buffer overflow error (CVE-2020-14511) on the system's web server that can be triggered just by sending a specially crafted HTTP request, eventually allowing attackers to perform remote code execution without the need for credentials.
The Claroty researchers also tested the eCatcher from HMS Networks, a proprietary VPN client that connects to the company's eWon VPN appliance, and found that the product is vulnerable to a critical stack-based buffer overflow (CVE-2020-14498) which can be exploited to achieve remote code execution.
All an attacker needs to do is trick victims into visiting a malicious website or opening a malicious email containing a specifically crafted HTML element that triggers the eCatcher flaw, allowing attackers to take complete control of the target machine.
All three vendors were notified of the vulnerabilities and responded quickly to release security patches that fix the holes in their products.
Secomea users are recommended to update their products to the recently released GateManager 9.2c / 9.2i versions, Moxa users need to update EDR-G902 / 3 to version v5.5, applying firmware updates available for the EDR-G902 series and EDR-G903 series, and HMS networks users are advised to update eCatcher toVersion 6.5.5 or later.
SSL VPN Best Practices: 7 Tips to ensure security and efficiency
