SaferVPN silently fixed a DoS vulnerability

News
By Anthony Spadafora
published

Vulnerability was patched with the release of SaferVPN version 5.0.3.3

(Image credit: Shutterstock.com)

The VPN provider SaferVPN has patched a denial of service (DoS) vulnerability in its software after a bug was discovered by a security researcher.

The vulnerability, tracked as CVE-2020-25744, was first disclosed to the company at the beginning of September by a security researcher who goes by the handle mmht3t. However, as SaferVPN silently fixed the bug with the release of version 5.0.3.3 of its VPN client, mmht3t has gone ahead and publicly disclosed the vulnerability in a recent post on Medium.

Versions of the company's VPN software before 5.0.3.3 contain a vulnerability that could allow low-privileged users to create or overwrite arbitrary files which could be exploited to launch DoS attacks.

According to mmht3t, SaferVPN users have full control over the VPN software's log folder and they can delete all of the files contained within it and create a symbolic link pointing to a high privileged file such as c:\Windows\win.ini on their Windows PC. If a user does this, the contents of the log file will be overwritten on the high privileged file.

Lack of recognition

What makes this particularly vulnerability disclosure so interesting is the fact that mmht3t responsibly disclosed the bug he found to SaferVPN and was not credited for his discovery.

VPN providers and other companies often create their own bug bounty programs or use platforms like HackerOne to do so. This allows security researchers to get paid for the bugs they find while also helping them to improve their software.

After discovering the bug in SaferVPN's Windows client, mmht3t emailed the company to inform them of the situation and then sent details about the vulnerability when requested. However, he then tried to follow up with the company twice and they did not respond on both occasions. Instead SaferVPN quietly patched the bug with the release of  version 5.0.3.3 of its VPN client. It was then that mmht3t decided to publicly disclose the bug which led to the vulnerability being assigned a CVE.

TechRadar Pro has reached out to SaferVPN in regard to the matter but we've yet to hear back at the time of writing.

  • We've also highlighted the best VPN services
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.