‘SaferVPN’ Found to Be Vulnerable to Local Privilege Escalation [UPDATE]

  • ‘SaferVPN’ is vulnerable to a nasty flaw that it failed to address even after three months.
  • The flaw is now public with details and a proof of concept, so the product is not safe to use at the moment.
  • In general, it appears that ‘SaferVPN’ is going through rough times of limited resources and support.

Security researcher “nmht3t” has discovered a local privilege escalation flaw affecting the ‘SaferVPN’ product - and more specifically, its Windows client. The vulnerable versions are anything from 5.0.3.3 to the most recent one, which is 5.0.4.15. This means that the flaw, given the “CVE-2020-26050” identifier, is still unfixed, and the VPN vendor hasn’t provided a fixing patch yet. And as denoted by the identifier, the researcher reported this bug 90 days ago, so we have now reached the disclosure deadline.

The researcher has provided the proof of concept example through video and also details how to reproduce it on the relevant write-up, so anyone can now hit ‘SaferVPN.’ According to the researcher, SaferVPN spawns an OpenVPN executable in the context of NT AUTHORITYSYSTEM every time it attempts to connect to a VPN server.

Then, it tries to load an openssl.cnf configuration file for a folder in C: - which is automatically created at that moment. If someone plants a crafted configuration file in that path (C:etcsslopenssl.cnf), a malicious OpenSSL engine library will be loaded, eventually resulting in arbitrary code execution as SYSTEM.

Since this attack has publicly available instructions on carrying it out, and since the attacker wouldn’t need to have special or high privileges to launch it successfully, we would suggest that you avoid using the product until the vendor pushes a fixing update. According to the researcher, SaferVPN’s team never responded to his warnings and messages, which does not indicate an actively supported and generally “alive” project. This is very unfortunate, as SaferVPN has had a good reputation in general.

In our in-depth review of the product, SaferVPN scored a respectable 7.8 out of 10. We praised the product for not being involved in data breach incidents, being easy to install, rich in features, and having competitive pricing. On the negative side, server speeds suffered, and there was no wide platform support. These two are signs of limited resources, so again, SaferVPN appears incapable of living up to its name.

January 26, 2021 UPDATE:

SaferVPN has informed us that the vulnerability has been fixed in version 5.0.5.0, which was published soon after the story came out. The client apps should automatically check for available updates and fetch the version without the user having to do anything. As the vendor explains, there are no known reports of this vulnerability having been used to exploit systems in the wild.

REVIEW OVERVIEW

Latest

How to Watch Golden State Warriors vs. Phoenix Suns: Live Stream, Start Time, TV Channel, Odds, Predictions

Two of the best teams in the NBA will battle it out on Tuesday as the Western Conference heats up with this...

How to Watch New York Knicks vs. Brooklyn Nets: Live Stream, Start Time, TV Channel, Odds, Predictions

Two New York based teams face off in this thrilling NBA derby on Tuesday evening, as it is the New York Knicks...

How to Watch Denver Nuggets vs. Miami Heat: Live Stream, Start Time, TV Channel, Odds, Predictions

Another blockbuster NBA clash awaits us on Monday night as the Miami Heat and the Denver Nuggets collide at the FTX Arena....
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari