
Find of the day - someone dropped an AtlasVPN on Reddit. The AtlasVPN daemon on Linux runs an HTTP server to accept CLI commands; it binds to 127.0.0.1:8076 by default.

What's hilarious is that it accepts commands without ANY authentication - so if you open a malicious webpage, that webpage can fire a POST to 127.0.0.1:8076/connection/stop and instantly disconnect your VPN.

Utter garbage.

Source: reddit.com/r/cybersecurity/com

Proof below - used AtlasVPN's latest Linux client, version 1.0.3.

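The missing control, sketched from the defender's side: a gate a loopback control API would run before acting on any request. This is an added example, not AtlasVPN's code and not part of the original post; only the 127.0.0.1:8076 address comes from the post, while the token scheme, header policy and function names are assumptions.

```python
import hmac
import secrets

# Address taken from the post; everything else here is an assumed design.
ALLOWED_HOSTS = {"127.0.0.1:8076", "localhost:8076"}
BROWSER_ONLY_HEADERS = ("origin", "referer", "sec-fetch-site")


def new_token() -> str:
    """Per-install secret, assumed to live in a 0600 file the CLI reads."""
    return secrets.token_urlsafe(32)


def authorize(method: str, headers: dict, token: str) -> tuple:
    """Return (status, reason) for one request to the local control API."""
    h = {k.lower(): v for k, v in headers.items()}

    # Host must name loopback, which blocks DNS-rebinding hostnames.
    if h.get("host") not in ALLOWED_HOSTS:
        return 403, "unexpected Host"

    # The CLI is not a browser; any browser-originated request is refused.
    for name in BROWSER_ONLY_HEADERS:
        if name in h:
            return 403, "browser request (" + name + ")"

    # State-changing calls must be JSON: not a CORS "simple" content type,
    # so a page cannot send it without a preflight the daemon never grants.
    if method == "POST" and h.get("content-type") != "application/json":
        return 415, "JSON required"

    # Bearer token, compared in constant time.
    scheme, _, presented = h.get("authorization", "").partition(" ")
    if scheme != "Bearer" or not hmac.compare_digest(
            presented.encode(), token.encode()):
        return 401, "missing or wrong token"
    return 200, "ok"


# Constructed sample requests (not captured traffic).
TOKEN = new_token()
CLI_REQ = {"Host": "127.0.0.1:8076", "Content-Type": "application/json",
           "Authorization": "Bearer " + TOKEN}
PAGE_REQ = {"Host": "127.0.0.1:8076", "Origin": "https://example.invalid",
            "Content-Type": "text/plain"}

if __name__ == "__main__":
    print(authorize("POST", CLI_REQ, TOKEN))
    print(authorize("POST", PAGE_REQ, TOKEN))
```

A Unix domain socket with filesystem permissions avoids the browser-reachable surface entirely, since web pages cannot address it.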