Find of the day - someone dropped an AtlasVPN #0day on Reddit. The AtlasVPN daemon on Linux runs an HTTP server to accept CLI commands; by default it binds to 127.0.0.1:8076.

What's hilarious is that it accepts commands without ANY authentication - so if you open a malicious webpage, that webpage can fire a POST to 127.0.0.1:8076/connection/stop and instantly disconnect your VPN.

Utter garbage.
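Why a webpage's POST reaches a loopback daemon at all, and what the daemon has to do about it, as an added illustration (this is not AtlasVPN's code). CORS only hides the *response* from the page; a no-preflight POST is still sent, so a localhost API with no authentication executes it. The policy below is an assumption: refuse anything carrying browser-only headers (Origin, Sec-Fetch-Site) and require a per-process token that only local processes can read.

```python
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed per-process token. A real daemon would write it to a file
# readable only by the local user so the CLI can present it (assumption).
LOCAL_TOKEN = secrets.token_hex(16)


def classify_request(headers: dict, token: str = LOCAL_TOKEN) -> str:
    """Return 'allow' or a 'reject: ...' reason for one inbound request.

    A browser attaches Origin to cross-origin POSTs and Sec-Fetch-Site to
    every request it makes; a local CLI using a plain HTTP client sends
    neither. Because the browser sends the request regardless of CORS, the
    daemon itself must refuse browser-originated calls and demand a secret
    that a webpage cannot read.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if "origin" in h:
        return "reject: browser Origin header present"
    if "sec-fetch-site" in h:
        return "reject: browser Sec-Fetch-Site=%s" % h["sec-fetch-site"]
    # Constant-time compare so the token check does not leak by timing.
    if not secrets.compare_digest(h.get("x-local-token", ""), token):
        return "reject: missing or wrong local token"
    return "allow"


class Handler(BaseHTTPRequestHandler):
    """Minimal stand-in for the command endpoint: 403 unless classify allows."""

    def do_POST(self):
        verdict = classify_request(dict(self.headers))
        self.send_response(200 if verdict == "allow" else 403)
        self.end_headers()
        self.wfile.write(verdict.encode())


if __name__ == "__main__":
    # Same loopback bind as the page describes; only the checks differ.
    HTTPServer(("127.0.0.1", 8076), Handler).serve_forever()
```

Binding to loopback is not an authentication boundary: any browser tab on the machine is "local" too, so the daemon must check who is calling.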

Source: https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/

Proof below - used AtlasVPN's latest Linux client, version 1.0.3.

AtlasVPN Linux Client 1.0.3 Remote Disconnect Exploit

*Throwaway for obvious reasons.* The following is my 0day. This code, when executed on any website, disconnects the AtlasVPN Linux client and...

Cross-Origin Resource Sharing (CORS) - HTTP | MDN

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.
