[German]A security expert has discovered that the VPN service Hotspot Shield, which is supposed to guarantee privacy, leaks sensitive information about the user.
AnchorFree is one of the largest VPN providers in the USA and the company behind the HotSpot Shield VPN service. The company advertises its service as:
Get Internet privacy, security, security, blocked access to websites and more through the download hotspot Shield VPN today.
In Google Play Store there is the App Hotspot Shield Free VPN Proxy WiFi Security. There are 500 million users of this VPN service.
A information disclosure vulnerability
Security researcher Paulos Yibelo has now discovered an information disclosure vulnerability Hotspot Shield. According to CVE-2018-6460, Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.
Paulos Yibelo has published his findings here. At ZDNet. com, Zack Withacker, disussed the topic within this article. Withacker posted a screenshot, where no IP address of the user system can be found in the communication. But data like the network name is transferred.