Hotspot Shield VPN flaw can betray users’ location

7 February 2018

A flaw in the widely used Hotspot Shield VPN utility can be exploited by attackers to obtain sensitive information that could be used to discover users’ location and, possibly and ultimately, their real-world identity. About the vulnerability According to the entry for the vulnerability (CVE-2018-6460) in the National Vulnerability Database, Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895, and the web server uses JSONP and hosts sensitive information including configuration.

Read full news article on Help Net Security

Date:

7 February 2018

Categorie(s):

NEWS

Tag(s):

Hotspot Shield, PoC, Security Pro, VPN, Vulnerability

Microsoft unveils new security features for SOC teams to combat insider threats6 May 2024
BigID launches new hybrid scanning technology for enhance cloud data management6 May 2024
At RSA, Cisco launches bolsters in Security Cloud, built on Hypershield and Splunk6 May 2024
SecurityScorecard launches HEID AI to enhance breach prediction accuracy6 May 2024
Novel Android vulnerability exposes DNS queries6 May 2024