I have checked if others have suggested this already
[X] I have checked this issue tracker to see if others have reported similar issues.
Feature description
It's unclear whether mullvad VPN does anything to mitigate this issue and I was unable to find anything about it on the github or mullvad website.
Information about this on the website would be great.
Summary
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
Details
This vulnerability affects OpenVPN, WireGuard, and OpenConnect running on Linux or FreeBSD. FreeBSD is less vulnerable, but the most serious attacks are still possible.
Impact
An attacker can abuse the connection tracking framework using the vulnerability, i.e., the port shadow, in a variety of ways to subvert the privacy and security of VPN clients connected to VPN servers that use OpenVPN, WireGuard, or OpenConnect if they do not take proper precautions. Specifically, an attacker can use the port shadow to cause a victim’s packets to be rerouted to the attacker (including their VPN connection request), escalate from adjacent to in-path between the target and VPN server, inject DNS packets into the target, deanonymize their connections, cause denial-of-service, or port scan the target through the VPN server.
(I didn't know if there was a better place to ask)
I have checked if others have suggested this already
Feature description
It's unclear whether mullvad VPN does anything to mitigate this issue and I was unable to find anything about it on the github or mullvad website. Information about this on the website would be great.
Summary
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
Details
This vulnerability affects OpenVPN, WireGuard, and OpenConnect running on Linux or FreeBSD. FreeBSD is less vulnerable, but the most serious attacks are still possible.
Impact
An attacker can abuse the connection tracking framework using the vulnerability, i.e., the port shadow, in a variety of ways to subvert the privacy and security of VPN clients connected to VPN servers that use OpenVPN, WireGuard, or OpenConnect if they do not take proper precautions. Specifically, an attacker can use the port shadow to cause a victim’s packets to be rerouted to the attacker (including their VPN connection request), escalate from adjacent to in-path between the target and VPN server, inject DNS packets into the target, deanonymize their connections, cause denial-of-service, or port scan the target through the VPN server.
(I didn't know if there was a better place to ask)