Connect with us

Hi, what are you looking for?



AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure

AtlasVPN developers are working on a patch for an IP leak vulnerability after a researcher publicly disclosed the flaw due to being ignored.

AtlasVPN developers are working on a patch for an IP leak vulnerability whose details were made public by a researcher who decided to take the full disclosure route after responsible disclosure attempts were ignored.

The researcher, who apparently wants to remain anonymous, shared the details on the Full Disclosure mailing list and on Reddit, claiming that he had unsuccessfully attempted to contact AtlasVPN support in an effort to find a security contact or an official channel for reporting the vulnerability.

The security hole impacts the AtlasVPN Linux client and it can be exploited by luring the targeted user to a website hosting the exploit code. 

The exploit causes AtlasVPN to disconnect, which results in the user’s real IP address being leaked to the attacker’s website.

“The AtlasVPN Linux Client consists of two parts. A daemon (atlasvpnd) that manages the connections and a client (atlasvpn) that the user controls to connect, disconnect and list services. The client does not connect via a local socket or any other secure means but instead it opens an API on localhost on port 8076,” the researcher explained. 

“It does not have ANY authentication. This port can be accessed by ANY program running on the computer, including the browser. A malicious javascript on ANY website can therefore craft a request to that port and disconnect the VPN,” the researcher added.

The exploit code has been made public and it’s not difficult to use for malicious purposes. An attacker simply needs to upload it to a site they control. 

Advertisement. Scroll to continue reading.

After the findings were made public and AtlasVPN was contacted for comment by SecurityWeek, the company apologized for its slow reaction and promised to improve its vulnerability reporting process.

AtlasVPN told SecurityWeek in an emailed statement that it does take security and user privacy seriously and it’s actively working on a patch. Impacted users will be prompted to update their Linux app to the latest version as soon as the fix becomes available. 

“The vulnerability affects Atlas VPN Linux client version 1.0.3. As the researcher stated, due to the vulnerability, the application and, hence, encrypted traffic between a user and the VPN gateway can be disconnected by a malicious actor. This could lead to the user’s IP address disclosure,” AtlasVPN said. 

“We greatly appreciate the cybersecurity researchers’ vital role in identifying and addressing security flaws in systems, which helps safeguard against potential cyberattacks, and we thank them for bringing this vulnerability to our attention. We will implement more security checks in the development process to avoid such vulnerabilities in the future. Should anyone come across any other potential threats related to our service, please contact us via security(at),” it added.

Update 09/18/2023: AtlasVPN developers told SecurityWeek that the vulnerability has been patched.

“As of September 18th, 2023, the vulnerability is no longer present on the Linux app since its latest version. 

Following this resolution, we informed our users to update their applications to the fixed 1.1 version. Moreover, the Linux application is now available for download again on our website.

We are actively refining our internal communication processes and establishing a more structured vulnerability reporting mechanism. We are committed to ensuring that such oversights do not recur.”

Related: Is Enterprise VPN on Life Support or Ripe for Reinvention?

Related: Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Related: In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.