HomeVS-LabsSecurity ResearchPureVPN for Windows

PureVPN for Windows

PureVPN for Windows suffers from a SYSTEM privilege escalation vulnerability in its sevpnclient service. When configured to use the OpenVPN protocol, the sevpnclient service executes openvpn.exe using the OpenVPN config file located at C:ProgramDatapurevpnconfigconfig.ovpn. This file allows Write permissions to users in the EVERYONEgroup. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user

A Look at RACI Models within Application Threat Modeling

Offensive Security

DevSecOps

GRC Services

Threat Intelligence

VS-Labs Security Research

Envisions Geopolitical Threat Report:

By Industry

Chrome Exploitation: How to easily launch a Chrome RCE+SBX exploit chain with one command

Security Resources

5 Steps to Implement an Application Threat Modeling Program

Who We Are

PureVPN for Windows

Date

Follow Us

You May Also Like

Printer Spooler Bug Research

Windows Kernel Drive Vulnerability Research: CVE-2020-17087

Cyber Attacks on Smart Cars Using SDR

PureVPN for Windows

Date

Follow Us

Share

You May Also Like

Printer Spooler Bug Research

Windows Kernel Drive Vulnerability Research: CVE-2020-17087

Cyber Attacks on Smart Cars Using SDR