Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ocW1wLWc3cGgteDU0M84ABCyR
TunnelVision - decloaking VPNs using DHCP
A new decloaking technique for nearly all VPN implementations has been found, which allows attackers to inject entries into the routing tables of unsuspecting victims using DHCP option 121. This allows attackers to redirect traffic, which is supposed to be sent encrypted over the VPN, through the physical interface handling DHCP for the network the victim's computer is connected to, effectively bypassing the VPN connection.
Impact
All users are potentially affected, as this attack vector can be used against any VPN implementation without mitigations in place.
Patches
Currently, there are no existing mitigations employed by Quincy.
Workarounds
Disabling DHCP option 121 in the DHCP client is a potential workaround, as it prevents this kind of attack.
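Since the advisory turns on DHCP option 121, an added example (not Quincy's own code) of the defender-side check a VPN client or host agent could run: decode the option's RFC 3442 payload and flag routes that would out-rank the tunnel's routes in a longest-prefix match. The payload bytes, the VPN route list and the LAN prefix are constructed for the example.

```python
# Decode DHCP option 121 (RFC 3442 classless static routes) and report
# routes that would pull traffic out of a VPN tunnel. Sample data is
# constructed; nothing here is taken from the Quincy code base.
import ipaddress
from typing import List, Tuple

IPv4Net = ipaddress.IPv4Network
Route = Tuple[IPv4Net, ipaddress.IPv4Address]


def decode_option_121(data: bytes) -> List[Route]:
    """Parse the option payload into (destination network, gateway) pairs.
    RFC 3442 packs each route as: prefix length (1 byte), the significant
    octets of the destination (ceil(prefix/8) bytes), then a 4-byte router."""
    routes: List[Route] = []
    i = 0
    while i < len(data):
        prefix_len = data[i]
        i += 1
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len}")
        n_octets = (prefix_len + 7) // 8
        if i + n_octets + 4 > len(data):
            raise ValueError("truncated classless static route")
        dest = bytes(data[i:i + n_octets]).ljust(4, b"\x00")
        i += n_octets
        gateway = ipaddress.IPv4Address(bytes(data[i:i + 4]))
        i += 4
        # strict=False tolerates encoders that leave host bits set.
        routes.append((IPv4Net((dest, prefix_len), strict=False), gateway))
    return routes


def routes_bypassing_vpn(routes: List[Route], vpn_routes: List[IPv4Net],
                         local_prefixes: List[IPv4Net]) -> List[Route]:
    """Return DHCP routes at least as specific as an overlapping VPN route,
    i.e. routes that win (or tie, leaving it to metrics) the longest-prefix
    match for some destination. The bare default route is skipped because the
    VPN is designed to out-rank it; routes inside known LAN prefixes are
    treated as legitimate local routes."""
    flagged: List[Route] = []
    for net, gw in routes:
        if net.prefixlen == 0 or any(net.subnet_of(lan) for lan in local_prefixes):
            continue
        if any(net.overlaps(v) and net.prefixlen >= v.prefixlen for v in vpn_routes):
            flagged.append((net, gw))
    return flagged


# Constructed payload: default route, 0.0.0.0/1, 128.0.0.0/1 and 10.0.5.0/24,
# all via 10.0.0.1 (the LAN router in this example).
SAMPLE_OPTION_121 = bytes.fromhex(
    "00 0a000001" "01 00 0a000001" "01 80 0a000001" "18 0a0005 0a000001"
)

if __name__ == "__main__":
    decoded = decode_option_121(SAMPLE_OPTION_121)
    for net, gw in routes_bypassing_vpn(decoded, [IPv4Net("0.0.0.0/0")],
                                        [IPv4Net("10.0.0.0/16")]):
        print(f"route {net} via {gw} would bypass the tunnel")
```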
References
https://www.leviathansecurity.com/blog/tunnelvision
Permalink: https://github.com/advisories/GHSA-hqmp-g7ph-x543
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocW1wLWc3cGgteDU0M84ABCyR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 27 days ago
Updated: 27 days ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-hqmp-g7ph-x543
References:
- https://github.com/M0dEx/quincy/security/advisories/GHSA-hqmp-g7ph-x543
- https://www.leviathansecurity.com/blog/tunnelvision
- https://github.com/advisories/GHSA-hqmp-g7ph-x543
Blast Radius: 1.0
Affected Packages
cargo:quincy
Dependent packages: 0
Dependent repositories: 0
Downloads: 31,452 total
Affected Version Ranges: <= 0.13.0
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.13.0