Atlas VPN Stumbles Big Time – A Vulnerability Causes IP Leaks

A Virtual Private Network is, by far, the most effective way to mask your online identity while browsing the web. Hiding your IP address is one of two major objectives of a provider. However, when a VPN slips, major repercussions are bound to occur. That’s exactly the case with none other than Atlas VPN.

Atlas VPN Leaking Data

Atlas VPN has all sorts of guides on its website, including one that showcases the things you need to do to prevent your IP from leaking.

Unfortunately, the provider itself is leaking your real IP address due to a zero-day vulnerability affecting the Linux client. How did this come to light? What is Atlas VPN doing about it? We’ve discussed everything below.

Atlas VPN: A Major Slip-Up

By now, Atlas VPN has made a name for itself in the industry, offering a cost-effective solution with WireGuard support and extensive device compatibility.

We’ve reviewed Atlas VPN in the past, and it came out with some decent results. There are some cons here and there, but nothing major.

However, an IP Leak is definitely a major issue, especially when it comes to Virtual Private Networks. When your real IP is shown to the public, identifying information will be exposed, including:

  • Exact physical location 
  • The City you reside in
  • Area and ZIP code
  • Internet Service Provider (ISP)

As seen above, the IP address is a crucial factor, as it deals with the communication between your device and the internet. Not only that, but it tells whoever gets their hands on it a lot about you.

When we tested Atlas VPN and during our evaluation, no leak was witnessed. But now, a security researcher shared on Reddit some proof that the latest Atlas VPN Linux client (1.0.3) can leak IP addresses by simply visiting a random website.

How? As he described, the Linux client has an API endpoint that listens on localhost ( over port 8076. The zero-day vulnerability has been addressed by cybersecurity researcher Chris Partridge in the following demonstration video:

The vulnerability, when executed on any website, allows anyone to disconnect the AtlasVPN Linux client and leaks the user’s IP address.

It’s pretty simple. The Atlas VPN application controls the connection, which is done through an API on localhost on port 8076.

Any website can contain malicious Javascript that can easily craft a request to that port, disconnect the VPN, and leak the IP address of the device. (Everything is shown in a detailed matter above).

A Backdoor? We Think Not!

So, basically, we have a predicament here. We clearly saw the apology that Atlas VPN posted on Reddit when the researcher posted the issue. If not, here it is:

Hi, Head of the IT Department at Atlas VPN here.

“Please accept my sincere apology for our slow reaction after you contacted Atlas VPN support. It’s unacceptable, and we will address this process accordingly so we can react much faster in the future.

I want to thank you for the responsible disclosure of the application security flaw of the Atlas VPN Linux client.

Your actions significantly contribute to the security of our service by helping us identify and address this vulnerability. I wrote you a direct email as well.

I also want to update you on our current actions:
We are fixing the issue.
We will release a new Linux client update as soon as possible.
We will notify all our Linux client users.
If you come across any more issues or have other insights, please share them with us. Once again, thank you for your time and for helping improve our service’s security.”

The researcher’s tone reflected some anger as he shared the post since the mistake was bigger than it seemed. He described the vulnerability as a backdoor.

Not only that, he also mentioned that no one can be this incompetent, let alone a VPN provider. He contacted the company and got no reply. That’s why public disclosure was the only logical option left.

Another One Bites the Dust?

A lot of VPN providers have seen their last days when they slip up this way. A VPN is a tool crafted to keep everyone safe online. By leaking their IP address, they’re doing exactly what they’re meant to protect us against.

Atlas VPN showed decent results when we reviewed it. Such a vulnerability can really tarnish its reputation, as thousands of users have been compromised.

So far, there’s no proof that the flaw is being exploited in the wild – let’s hope nothing malicious malicious comes out of this.

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.