Atlas VPN security flaw leaked users' real IP address

No fix is available, leaving some Atlas VPN users at risk

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Security experts have discovered a major zero-day flaw in Atlas VPN’sLinuxclient that basically renders the entire service useless.

A researcher going by the alias “Educational-Map-8145” posted a new thread on Reddit, in which they explain a bug in theAtlas VPNclient for Linux which allows those that abuse it to view the user’s real IP address.

The whole purpose of a Virtual Private Network (VPN) is to mask people’s real IP addresses, and thus hide their identities while online.

Reader Offer: $50 Amazon gift card with demoSave 250+ yearly hours on manual configuration. Deploy your entire organization within a single day. Learn why Perimeter 81 is TechRadar’s choice for the best Business VPN. Ditch legacy hardware and make the move to the cloud. See how simple it is for yourself.

Preferred partner (What does this mean?)

Ignored by the company

As explained in the post, there is a VPN client API that doesn’t perform any authentication, meaning that any website with a malicious JavaScript attached to it can disconnect the session and expose the visitor’s real IP address.

Upon discovering the flaw, Educational-Map-8145 claims to have reached out to Atlas VPN, but was ignored. As the company didn’t have any active bug bounty programs, the researcher decided to go public. Since then, the company responded, saying it takes cybersecurity “very seriously” and that it’s currently working on developing a fix.

“We’re aware of the security vulnerability that affects our Linux client. We take security and user privacy very seriously. Therefore, we’re actively working on fixing it as soon as possible. Once resolved, our users will receive a prompt to update their Linux app to the latest version,” the company said.

The vulnerability affects Atlas VPN Linux client version 1.0.3, the company confirmed, adding that it’s working on implementing more security checks in the development process.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Until Atlas VPN comes back with a fix, users are vulnerable, and should thus exercise caution when using the VPN.

Via:BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Is it still worth using Proton VPN Free?

Mozambique VPN usage soars as internet restrictions continue

I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success