‘SaferVPN’ Found to Be Vulnerable to Local Privilege Escalation

  • ‘SaferVPN’ is vulnerable to a nasty flaw that it failed to address even after three months.
  • The flaw is now public with details and a proof of concept, so the product is not safe to use at the moment.
  • In general, it appears that ‘SaferVPN’ is going through rough times of limited resources and support.

Security researcher “nmht3t” has discovered a local privilege escalation flaw affecting the ‘SaferVPN’ product – and more specifically, its Windows client. The vulnerable versions are anything from 5.0.3.3 to the most recent one, which is 5.0.4.15. This means that the flaw, given the “CVE-2020-26050” identifier, is still unfixed, and the VPN vendor hasn’t provided a fixing patch yet. And as denoted by the identifier, the researcher reported this bug 90 days ago, so we have now reached the disclosure deadline.

The researcher has provided the proof of concept example through video and also details how to reproduce it on the relevant write-up, so anyone can now hit ‘SaferVPN.’ According to the researcher, SaferVPN spawns an OpenVPN executable in the context of NT AUTHORITY\SYSTEM every time it attempts to connect to a VPN server.

Then, it tries to load an openssl.cnf configuration file for a folder in C:\ – which is automatically created at that moment. If someone plants a crafted configuration file in that path (C:\etc\ssl\openssl.cnf), a malicious OpenSSL engine library will be loaded, eventually resulting in arbitrary code execution as SYSTEM.

Since this attack has publicly available instructions on carrying it out, and since the attacker wouldn’t need to have special or high privileges to launch it successfully, we would suggest that you avoid using the product until the vendor pushes a fixing update. According to the researcher, SaferVPN’s team never responded to his warnings and messages, which does not indicate an actively supported and generally “alive” project. This is very unfortunate, as SaferVPN has had a good reputation in general.

In our in-depth review of the product, SaferVPN scored a respectable 7.8 out of 10. We praised the product for not being involved in data breach incidents, being easy to install, rich in features, and having competitive pricing. On the negative side, server speeds suffered, and there was no wide platform support. These two are signs of limited resources, so again, SaferVPN appears incapable of living up to its name.

REVIEW OVERVIEW

Latest

Apple TV+ One-Year Free Trials Extended Until July 2021

Buyers of Apple TV devices have just gotten a second Apple TV+ subscription extension.This adds up to another nine full months of...

The Scottish Environment Protection Agency Was Hit by Ransomware

The Scottish Environment Protection Agency (SEPA) was compromised by the Conti group almost a month ago.The ransomware gang is now leaking part...

Discovery Plus Keeps Crashing: Here’s How to Fix It

Discovery Plus has been out for over a week now and users are reporting various issues they have with the service. One...