2 野に咲く名無し@転載禁止 (主) 2023/09/07 02:19:38
Atlas VPN zero-day vulnerability leaks users' real IP address
https://www.bleepingcomputer.com/news/security/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address/
This PoC creates a hidden form that is automatically submitted by JavaScript to connect to the http://127.0.0.1:8076/connection/stop API endpoint URL.
When this API endpoint is accessed, it automatically terminates any active Atlas VPN sessions that hide a user's IP address.
Once the VPN connection is disconnected, the PoC will connect to the api.ipify.org URL to log the visitor's actual IP address.