VPNs are a great tool for staying safe online, but do you know what risks they can pose? Learn about VPN flaws and how hackers can exploit them!
VPNs offer an excellent tool for keeping your security online, but do you know what risks they can bring? Discover VPN flaws and how hackers can exploit them!
In this article from The Hackernews, we will talk about vulnerability discoveries. Researchers from cyber security have discovered critical vulnerabilities in implementations of VPN industrial. Since they are used to provide remote access to operational technology (OT) networks, they could also allow hackers to overwrite data, execute malicious code and compromise industrial control systems (ICS).
Insecure connections and lack of encryption
A common flaw in VPNs arises when the connections are not properly secured or encrypted. This means that hackers can access sensitive data because they pass through these unprotected connections instead of a secure VPNs.
Sensitive personal information can easily get to the hacker once they have access to the network, resulting in personal data theft.
IP address spoofing and logging policies
Another danger to VPNs is that hackers can also cover up their own IP address and inject an IP. that can perform fraud, personal information tracking, or intrusions into other systems using your VPN's network without being detected.
It is important to be aware of the VPN's registration policy and adequate protection measures to prevent this type of attack.
Poor Data Protection and Malware Infection Threats
Lack of data protection can be another security threat if a VPN is used. If data is not properly encrypted and transmitted, it can be exposed to malicious actors on the Internet. In addition, the VPNs are vulnerable to malware infections if they are designed with weak code that can be easily exploited by hackers.
It is important to use reliable VPN providers and inspect the protection measures taken to avoid malware infections or data leaks.
Vulnerabilities and Flaws in VPNs
A new report published by industrial cybersecurity firm Claroty reveals several serious vulnerabilities in enterprise-grade (VPN) installations, including Secomea GateManager M2M Server, Moxa EDR-G902 and EDR-G903, and HMS Networks eWon's eCatcher VPN client.
These vulnerable products are widely used in field industries such as oil and gas, water services and electrical services to remotely access, maintain and monitor ICS and field devices, including programmable logic controllers (PLCs) and input/output devices.
According to Claroty researchers, successful exploitation of these vulnerabilities could give an unauthenticated attacker direct access to ICS devices and potentially cause some physical damage.
Researchers have discovered several security vulnerabilities in Secomean's GateManager, including a critical vulnerability (CVE-2020-14500) that could allow overwriting arbitrary data, execute arbitrary code or cause a DoS condition, execute commands as root and obtain user passwords due to the use of a weak hash type.
GateManager is a widely used ICS remote access server deployed worldwide as a cloud-based SaaS solution that allows users to connect to the internal Internet network through an encrypted tunnel, avoiding server configurations.
Critical failure of remote access solution
The critical bug, identified as CVE-2020-14500, affects the GateManager component, the primary routing instance in the Secomea remote access solution. The bug is caused by improper handling of some HTTP request headers provided by the client.
This flaw can be exploited remotely and without requiring authentication to secure remote code execution, which can result in full access to a customer's internal network and the ability to decrypt all traffic passing through VPN.
Remote code execution
On the Moxa EDR-G902 and EDR-G903 industrial VPN servers, researchers discovered a stack-based buffer overflow flaw (CVE-2020-14511) on the system's web server that can be triggered by sending a specially crafted HTTP request, potentially allowing attackers to perform remote code execution without requiring any credentials.
The Claroty researchers also tested the eCatcher from HMS Networks, a proprietary VPN client that connects to the company's eWon VPN appliance, and found that the product is vulnerable to a heap-based critical buffer overflow (CVE-2020-14498) which can be exploited to achieve remote code execution.
All an attacker needs to do is trick victims into visiting a malicious website or opening a malicious email containing a specially crafted HTML element that triggers the eCatcher flaw, allowing attackers to take complete control of the target computer.
All three vendors were notified of the vulnerabilities and responded quickly to release security patches to fix the vulnerabilities in their products.
Secomea users are advised to upgrade their products to the newly released GateManager versions 9.2c/9.2i; Moxa users need to upgrade EDR-G902/3 to version v5.5 by applying firmware updates available for EDR-G902 series and EDR-G903 series; HMS users and HMS networks are advised to upgrade eCatcher to version 6.5.5 or higher.