PureVpn Suffers from Two Vulnerabilities That Can Leak Passwords [ Updated ]Figure 1 TrustWave Image Courtesy Any user may access and read the password using Command Prompt to open the file. Stealing the password may require physical access to a network, or remote access by other hacking methods. Users have been advised by the Vpn service provider to upgrade to the latest version containing a fix to one of two vulnerabilities. In a statement “The PureVpn Windows Client provided by PureVpn, the Vpn service provider can allow a local attacker to retrieve the last user’s stored password that has successfully logged in to the PureVpn service. For this purpose, a local attacker can obtain PureVpn credentials from another user if a Windows machine has multiple users if they have logged in successfully. The attack is carried out exclusively through the Gui (Graphical User Interface) no external tool is required. “The firm has not yet disclosed when it will patch the program to remove the remaining vulnerability. If you don’t want to put yourself at any risk until the bug is patched, it is recommended to use a different Vpn temporarily. Our team reached out to PureVpn and waited for their answer to this question. –Update– She also said, “The group has raised concerns for now and is misunderstanding it as a flaw that we have temporarily removed and released a new version 6.2.2. We would like to remind those users of our who use this function to retrieve the separate password for Vpn that we are preparing to redesign the future with these concerns in mind and include it back in our release in November 2018. “

Comments are closed.