TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak (CVE-2024-3661)
TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak (CVE-2024-3661)
www.leviathansecurity.com CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.
Good summary by another user in the crosspost over in !programming@programming.dev:
You're viewing a single thread.
5
comments
breaking news: researchers discover that network protocols work as intended. mindlessly connecting to an untrusted network is still a bad idea.
to quote the article: "Do not use untrusted networks if you need absolute confidentiality of your traffic" or use HTTPS and a SOCKS5 proxy