Cookie Consent by Free Privacy Policy Generator ExpressVPN's Windows Client Bug Exposes DNS Requests | Review Space



Cover Image

ExpressVPN's Windows Client Bug Exposes DNS Requests

Understanding the Implications and Solutions for Enhanced Privacy Protection

NEWS  Security  February 13, 2024  Reading time: 2 Minute(s)

mdo Max (RS editor)


In a recent development in the realm of cybersecurity, researchers uncovered a concerning flaw within ExpressVPN's Windows client, shedding light on potential loopholes in VPN security protocols. This revelation brought to the forefront the intricate balance between privacy enhancement and susceptibility to vulnerabilities in virtual private network (VPN) services.

ExpressVPN's Windows client was found to harbor a bug that could lead to the inadvertent exposure of users' DNS requests, posing a threat to their online anonymity. This flaw, discovered by security researchers, unveiled a scenario where sensitive DNS queries could escape the encrypted VPN tunnel, potentially falling prey to surveillance by internet service providers (ISPs).

The crux of the issue lay in the "split tunneling" feature embedded within ExpressVPN's client software. This functionality, designed to provide users with flexibility in routing their internet traffic, inadvertently became the gateway for the vulnerability. By enabling split tunneling, users inadvertently granted certain applications the ability to bypass the protective cloak of the VPN, inadvertently exposing their DNS requests to external scrutiny.

express vpn split tunnelling settings

Although the leak did not compromise the actual content of users' online activities, it opened the door to the revelation of their browsing habits. This information, in the wrong hands, could be exploited for targeted advertising or tracking purposes, underscoring the gravity of the situation.

ExpressVPN swiftly responded to the issue, demonstrating their commitment to user privacy and security. With the release of version 12.73.0 in January 2024, the company patched the vulnerability, ensuring that users could mitigate the risk by updating their client software promptly.

In their official statement, ExpressVPN acknowledged the bug and provided a detailed account of the issue and the measures taken to rectify it. Furthermore, they credited CNET's Attila Tomaschek for discovering and reporting the vulnerability, showcasing the collaborative effort in safeguarding user interests.

 

This incident serves as a poignant reminder of the imperative to maintain vigilance in software upkeep, particularly in the realm of cybersecurity. It underscores the importance of regular updates and patches in fortifying defenses against emerging threats.

Moreover, it prompts users to exercise discernment in configuring VPN settings, especially features like split tunneling, which, while offering convenience, can inadvertently expose vulnerabilities. By prioritizing privacy considerations and staying informed about potential risks, users can empower themselves to make informed decisions in safeguarding their digital footprint.

 IMAGES CREDITS: EXPRESS VPN 

SHARE THIS ARTICLE



 COMMENTS


Deprecated: Implicit conversion from float 37.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 38.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 51.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 32.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 65.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 29.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 79.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 28.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 98.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343 Deprecated: Implicit conversion from float 28.5 to int loses precision in /web/htdocs/www.reviewspace.info/home/bl-plugins/snicker/includes/Gregwar/Captcha/CaptchaBuilder.php on line 343
Currently there are no comments, so be the first!

*Our pages may contain affiliate links. If you buy something via one of our affiliate links, Review Space may earn a commission. Thanks for your support!
spacer

SPONSORED



SPONSORED


CATEGORIES



banner

Buy Me a Coffee at ko-fi.com