2024-02-13
200
1 minutes.


ExpressVPN: Bug with years of browsing history leaks for providers

ExpressVPN has remotely disabled tunneling due to a bug that was leaking information about user-visited domains to DNS servers that are hosted by ISPs by default.

ExpressVPN DNS Request Leak Vulnerability

Bug Detection and Audits

The bug was discovered in Windows 12.23 versions of ExpressVPN .1 - 12.72.0, released from May 19, 2022 to February 7, 2024. It only affected users using the tunneling feature, which allows some Internet traffic to be routed through a VPN tunnel. The bug was reported by researchers at Bleeping Computer.

ExpressVPN Bug with years of browsing history leaks for providers

Cause of DNS query leak

This error caused DNS queries users were directed not to the ExpressVPN infrastructure, but to the Internet service provider.

ExpressVPN Bug with years of browsing history leaks for providers

Typically, all DNS queries are made through ExpressVPN's secure DNS servers to prevent the domains visited by the user from being tracked. However, due to the vulnerability, some DNS requests were sent to DNS servers configured on the user's computer, which allowed the ISP to monitor his online activity.

Thus, Windows users using the tunneling feature may have compromised the privacy of their browsing history, which defeats the main benefit of a VPN connection.

This allows the provider to see which domains the user is visiting, such as google.com. However, the content of the user's Internet traffic remains encrypted and cannot be viewed by the provider or third party.

Number of affected users and resolution

The issue affected about 1% of ExpressVPN for Windows users, and the company has successfully reproduced the bug in tunneling mode" Allow only selected apps to use the VPN."

ExpressVPN Bug with years of browsing history leaks for providers

Users are advised to update the ExpressVPN client from version 12.23.1 to 12.73.0, which disables the tunneling feature. The company plans to return this feature in a new release when the bug is completely fixed.

Glossary

  • DNS queries are requests to establish a connection with a DNS server to obtain the IP address of a host by its domain name.
  • VPN tunnel is a secure connection between devices via the Internet, ensuring the privacy and security of transmitted information.
  • Internet provider is an organization that provides access to the Internet.
  • Bleeping Computer is a well-known resource specializing in information security and news in this area.

Links

Answers to questions

What feature has ExpressVPN disabled?

ExpressVPN has disabled the tunneling feature remotely.

What vulnerability was discovered in ExpressVPN?

A DNS query leak vulnerability has been discovered.

Who found a bug in ExpressVPN?

The bug was discovered by researchers from Bleeping Computer.

What caused users' DNS queries to leak?

A bug in ExpressVPN caused users' DNS queries to be directed to the ISP rather than the ExpressVPN infrastructure.

How did ExpressVPN solve the problem?

The company recommends that users upgrade the ExpressVPN client to a version that disables the tunneling feature, and plans to bring this feature back in a new release once the bug is fully resolved.

Copywriter Elbuz
Brief description
ExpressVPN removed the split tunneling feature after discovering a bug that exposed the domains users visited to ISPs' DNS servers.
Article Target
Inform users about a bug in ExpressVPN and warn against possible leaks of browsing history
Style
Informational
Target audience
ExpressVPN Users and ISPs


Contents:



Save a link to this article

Discussion of the topic – ExpressVPN: Bug with years of browsing history leaks for providers


ExpressVPN removed the split tunneling feature after discovering a bug that exposed the domains users visited to ISPs' DNS servers.


There are no reviews for this product.


Captcha


Next