Introducing PureSquare – for security beyond VPNs

Visit our website

Don’t worry about forgetting your passwords ever again with the all-new password manager. Try PureKeep

What is VORACLE & Are PureVPN Users Protected?

Aug 23, 2018
Mar 22, 2022
Download PDF

What is VORACLE & Are PureVPN Users Protected?

A recently discovered vulnerability called VORACLE has been making rounds on the internet. The vulnerability can potentially allow a hacker or intruder to exploit a loophole in OpenVPN protocol, used by the majority of VPN providers.

The credit for discovering this exploit goes to a security researcher named Ahamed Nafeez at the Black Hat and DEF CON security conferences in Las Vegas. The conferences were held last week

VORACLE has been deemed potentially dangerous since it can allow an attacker to read the data sent via the OpenVPN protocol. A hacker using this exploit might be able to recover data sent via HTTP or non-SSL services.

The good news is that the attack only works under specific conditions.

Is PureVPN Safe from this Threat?

Yes. Our servers and infrastructure have already been patched and our users don’t require to do anything at their end. This goes true for both our apps and manual users.

Furthermore, this vulnerability affected all VPN providers offering OpenVPN equally, with the majority of providers opting for a patch on server side, and requiring users to update their apps, which to a certain extent, disrupted the connectivity of users.

Being a customer-centric and privacy-focused organization, our engineers figured out a way that ensured the reduction of downtime to a mere disconnection, complete protection of our infrastructure, and maximum convenience of our users.

How does the VORACLE exploit work?

As stated above, VORACLE works under specific situations:

  • You connect via OpenVPN with compression enabled.
  • The attacker needs to be on the same network/WiFi as you are.
  • You use an HTTP connection (insecure website).
  • You use a browser that’s vulnerable to VORACLE – every browser except Chrome.
  • You visit a website that a hacker has total control over.
Was this article helpful? Rate and share your comments below. Your input matters to us and everyone else in the Cyber Security Community.

How helpful did you find this answer?

Comments (2 )


  1. walter says:


  2. Randy M Dean says:

    I was at a website on 9/3 … 00:39:29 with PureVPN…..using Denmark as my anchor…….

    Somehow I was knocked off of the VPN site and the computer continued to download unprotected…..

    Yesterday I get a notice from AT&T…… Not happy that this happened……it’s not the first time I’ve went into the office to find the computer knocked off VPN…….What’s up?