Find of the day - someone dropped an AtlasVPN on Reddit. The AtlasVPN daemon on Linux runs an HTTP server to accept CLI commands, it binds to by default.

What's hilarious is that it accepts commands without ANY authentication - so if you open a malicious webpage, that webpage can fire a POST to and instantly disconnect your VPN.

Utter garbage.


Proof below - used AtlasVPN's latest Linux client, version 1.0.3.

· · 12 · 244 · 238