Security researchers have discovered two critical vulnerabilities in the PureVPN Windows client that could allow attackers to retrieve stored passwords.
The vulnerabilities were discovered by security researcher Manuel Nader from Trustwave.
Attackers could exploit the vulnerabilities to access the stored passwords of the last user who successfully logged in to the PureVPN service.
The first flaw discovered by the researcher is that the PureVPN Windows client stores the username and password in plain text.
The file is located at ‘C:\ProgramData\purevpn\config\login.conf’ and can be read by all local users.
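A defender can check whether a given machine is exposed to the first flaw by auditing the ACL on that file. The PowerShell below is an added example, not code from the researcher or from PureVPN; the list of "broad" principals (well-known Windows SIDs) and the function name `Get-BroadReadAccess` are assumptions made for this illustration. It inspects permissions only and never reads the file's contents.

```powershell
# Path reported in the article as holding PureVPN credentials in plain text.
$Path = 'C:\ProgramData\purevpn\config\login.conf'

# Well-known SIDs for broad principals (assumed list, locale-independent):
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

function Get-BroadReadAccess {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $read = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $acl  = Get-Acl -LiteralPath $LiteralPath

    foreach ($ace in $acl.Access) {
        # Only Allow entries that include the right to read file data matter here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $read) -eq 0) { continue }

        # Compare by SID so the check works regardless of the OS display language.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            continue  # orphaned or unresolvable account
        }

        if ($BroadSids -contains $sid) {
            [pscustomobject]@{
                Path      = $LiteralPath
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Output "Not found: $Path"
} else {
    $findings = @(Get-BroadReadAccess -LiteralPath $Path)
    if ($findings.Count -gt 0) {
        $findings | Format-Table -AutoSize
        Write-Warning 'Credential file is readable by broad local groups; update PureVPN to 6.1.0 or later.'
    } else {
        Write-Output "No broad read access on $Path"
    }
}
```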
The second flaw is that an attacker can obtain another user's PureVPN credentials. The attacker only needs to visit the configuration tab of PureVPN and open the User Profile tab. Clicking show password then reveals the passwords of other users who have successfully logged in to PureVPN.
“A local attacker may obtain another user’s PureVPN credentials when a Windows machine has multiple users, if they have successfully logged in. The attack is done exclusively through the GUI (Graphical User Interface), there’s no need to use an external tool,” the researcher said in the published post.
The researcher notified the company about the vulnerability on August 17, 2017, and the company released a patch in June 2018.
All users are advised to update PureVPN to version 6.1.0 or later, never reuse passwords, and enable multi-factor authentication on their accounts.