Get PureVPN At 70%OFF. No Tricks. Only Treats!

PureVPN is now Zero-Log Certified by Altius IT, one of the leading independent US-based Auditors. Read More 

What is VORACLE & Are PureVPN Users Protected?

Admin
Aug 23, 2018
Aug 28, 2018
2 Comments
Download PDF

What is VORACLE & Are PureVPN Users Protected?

A recently discovered vulnerability called VORACLE has been making rounds on the internet. The vulnerability can potentially allow a hacker or intruder to exploit a loophole in OpenVPN protocol, used by the majority of VPN providers.

The credit for discovering this exploit goes to a security researcher named Ahamed Nafeez at the Black Hat and DEF CON security conferences in Las Vegas. The conferences were held last week

VORACLE has been deemed potentially dangerous since it can allow an attacker to read the data sent via the OpenVPN protocol. A hacker using this exploit might be able to recover data sent via HTTP or non-SSL services.

The good news is that the attack only works under specific conditions.

Is PureVPN Safe from this Threat?

Yes. Our servers and infrastructure have already been patched and our users don’t require to do anything at their end. This goes true for both our apps and manual users.

Furthermore, this vulnerability affected all VPN providers offering OpenVPN equally, with the majority of providers opting for a patch on server side, and requiring users to update their apps, which to a certain extent, disrupted the connectivity of users.

Being a customer-centric and privacy-focused organization, our engineers figured out a way that ensured the reduction of downtime to a mere disconnection, complete protection of our infrastructure, and maximum convenience of our users.

How does the VORACLE exploit work?

As stated above, VORACLE works under specific situations:

  • You connect via OpenVPN with compression enabled.
  • The attacker needs to be on the same network/WiFi as you are.
  • You use an HTTP connection (insecure website).
  • You use a browser that’s vulnerable to VORACLE – every browser except Chrome.
  • You visit a website that a hacker has total control over.

 

How helpful did you find this answer?

Comments (2 )

2 Comments

  1. walter says:

    我在中国无法使用purevpn,在哪里找到你们的24/7实时聊天的客服

  2. Randy M Dean says:

    I was at a website on 9/3 …..at 00:39:29 with PureVPN…..using Denmark as my anchor…….

    Somehow I was knocked off of the VPN site and the computer continued to download unprotected…..

    Yesterday I get a notice from AT&T…… Not happy that this happened……it’s not the first time I’ve went into the office to find the computer knocked off VPN…….What’s up?