VPNs With Code Execution Security Flaws Patched, Update Now

         

engine

11:49 am on Sep 11, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Security vulnerabilities in some popular VPNs could lead to code execution by bad actors. There was a patch released quite quickly, but, according to researchers, there was still a security vulnerability.

Patches have again been released, and users should update, if they have not already done so.

The malicious content of the OpenVPN file can then lead to tampering with the VPN service, information disclosure, and hijacking through arbitrary commands.

During testing of ProtonVPN VPN version 1.5.1 and NordVPN version 6.14.28.0, the security researchers found that the original patches for both VPN clients could be bypassed.

[zdnet.com...]

keyplyr

7:21 am on Sep 12, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



For my needs, I've always used a web-based VPN which doesn't seem to be vulnerable to this exploit, unless of course the host is using the software mentioned in the article.

martinibuster

11:42 am on Sep 12, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Just clarifying. According to the article, this vulnerability is exclusive to ProtonVPN and NordVPN.

The vulnerability isn't tied to OpenVPN itself. But rather, it exploits a vulnerability in ProtonVPN and NordVPN in order to execute code as an administrator via an "OpenVPN configuration file."

If this had affected OpenVPN itself, that would have been a real mess. :o