mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0

Information about CVE-2021-3773 “Port Shadow” Attack and Mullvad #6482

Open e-lliot opened 2 months ago

e-lliot commented 2 months ago

I have checked if others have suggested this already

Feature description

It's unclear whether Mullvad VPN does anything to mitigate this issue, and I was unable to find anything about it on GitHub or the Mullvad website. Information about this on the website would be great.

Summary

A flaw in netfilter could allow a network-connected attacker to infer OpenVPN connection endpoint information for further use in traditional network attacks.

Details

This vulnerability affects OpenVPN, WireGuard, and OpenConnect running on Linux or FreeBSD. FreeBSD is less vulnerable, but the most serious attacks are still possible.

Impact

An attacker can abuse the connection tracking framework using the vulnerability, i.e., the port shadow, in a variety of ways to subvert the privacy and security of VPN clients connected to VPN servers that use OpenVPN, WireGuard, or OpenConnect if they do not take proper precautions. Specifically, an attacker can use the port shadow to cause a victim’s packets to be rerouted to the attacker (including their VPN connection request), escalate from adjacent to in-path between the target and VPN server, inject DNS packets into the target, deanonymize their connections, cause denial-of-service, or port scan the target through the VPN server.

(I didn't know if there was a better place to ask)

marek22k commented 3 days ago

Is there a detailed explanation of how the attack works?