TunnelVision | CVE-2024-3661 VPN vulnerability
by b0b1899 - Tuesday May 7, 2024 at 07:49 PM
Banned

Posts: 54
Threads: 7
Joined: Feb 2024
Reputation: 32
#1
05-07-2024, 07:49 PM (This post was last modified: 05-07-2024, 07:50 PM by b0b1899.)
Recently Leviathan Security Group has found a VPN vulnerability that allows an admin on a network to see all of VPN traffic unencrypted with DHCP option 121.
The only way to stay safe is use Android that doesn't have 121 option of DHCP. For Windows and Linux you can use Android hotspot to connect to Internet and then you can turn on your VPN. Or you can use a VM but only if the Internet adapter isn't on "bridged".
Here there is the official report from Leviathan website: https://www.leviathansecurity.com/blog/tunnelvision
Thanks for your attention and good luck,
@b0b1899
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Spamming | https://breachforums.hn/Forum-Ban-Appeals if you feel this is incorrect.
Reply
Thanks @Dev for the rank & pfp
VIP
Posts: 547
Threads: 22
Joined: Nov 2023
Reputation: 293

Shoutbox AddictCoderWeb Developer
#2
05-07-2024, 07:50 PM
(05-07-2024, 07:49 PM)b0b1899 Wrote: Recently Leviathan Security Group has found a VPN vulnerability that allows an admin on a network to see all of VPN traffic unencrypted with DHCP option 121.
The only way to stay safe is use Android that doesn't have 121 option of DHCP. For Windows and Linux you can use Android hotspot to connect to Internet and then you can turn on your VPN. Or you can use a VM but only if the Internet adapter isn't on "bridged".
Here there is the official report from Leviathan website: https://www.leviathansecurity.com/blog/tunnelvision
Thanks for your attention and good luck,
@b0b1899

Using hotspot is worst imo
Reply
Banned

Posts: 54
Threads: 7
Joined: Feb 2024
Reputation: 32
#3
05-07-2024, 08:01 PM
(05-07-2024, 07:50 PM)baphometmahomet Wrote:
(05-07-2024, 07:49 PM)b0b1899 Wrote: Recently Leviathan Security Group has found a VPN vulnerability that allows an admin on a network to see all of VPN traffic unencrypted with DHCP option 121.
The only way to stay safe is use Android that doesn't have 121 option of DHCP. For Windows and Linux you can use Android hotspot to connect to Internet and then you can turn on your VPN. Or you can use a VM but only if the Internet adapter isn't on "bridged".
Here there is the official report from Leviathan website: https://www.leviathansecurity.com/blog/tunnelvision
Thanks for your attention and good luck,
@b0b1899

Using hotspot is worst imo

Thanks @baphometmahomet for your reply but use an hotspot allows you to bypass the vulnarablity. However I think a VM is better than an hotspot.
Good luck,
@b0b1899
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Spamming | https://breachforums.hn/Forum-Ban-Appeals if you feel this is incorrect.
Reply
Breached
Member
Posts: 5
Threads: 0
Joined: May 2024
Reputation: 0
#4
05-07-2024, 08:58 PM
thanks appreciate thisnice thnx a lot
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Vulnerability Discovery Methodologies and Resources breachxyz 6 694 11-04-2024, 04:43 PM
Last Post: ScienceGeek42
  How to Automate Finding IDOR vulnerability breachxyz 1 347 10-12-2024, 06:16 AM
Last Post: Haffa
  Breachforums end (OCT-2024) Unproposed 22 1,411 09-29-2024, 04:55 PM
Last Post: azdfgaAG
  Investing 2024 workingforyou 8 589 09-09-2024, 12:25 PM
Last Post: DredgenSun
  Is there a complete solid 2024 OpSec guide floating around? earflaps 11 793 08-23-2024, 08:04 AM
Last Post: smashmouth4000

Forum Jump:


 Users browsing this thread: