ExpressVPN identified and fixed a vulnerability in its Windows application that allowed RDP traffic over port 3389 to bypass the VPN tunnel, potentially exposing user IP addresses. The company responded quickly to a security researcher’s tip, releasing an update to address the flaw, which primarily affected enterprise RDP use.
Key points
- The vulnerability involved debug code unintentionally shipped with some versions of the ExpressVPN Windows app.
- RDP traffic over TCP port 3389 was not routed through the VPN, exposing user IP addresses in certain cases.
- ExpressVPN issued a security update (Version 12.101.0.45) to fix the issue after being notified by a security researcher.
- The flaw mainly impacted enterprise environments, with limited risk to individual users.
- Users are advised to update their app to ensure all traffic is securely routed through the VPN.
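One way to check a Windows host for the kind of leak described above, as an added example that is not ExpressVPN's or the article's code: it scans saved `netstat -ano` output for established connections to TCP port 3389 whose local address is not the VPN adapter's address. The sample output, all addresses (including the VPN address `10.8.0.2`) and the function names are constructed for illustration, and the check assumes a connection's source address reflects the interface it leaves through.

```python
# Added example: flag RDP (TCP 3389) connections that did not originate from the VPN adapter.
import ipaddress
from collections import namedtuple

RDP_PORT = 3389
Conn = namedtuple("Conn", "local_ip remote_ip remote_port state pid")

def split_endpoint(endpoint):
    """Split '10.0.0.1:3389' or '[fe80::1%12]:3389' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def parse_netstat(text):
    """Yield TCP rows from Windows `netstat -ano` output; headers and UDP rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        try:
            local_ip, _ = split_endpoint(fields[1])
            remote_ip, remote_port = split_endpoint(fields[2])
            yield Conn(local_ip, remote_ip, remote_port, fields[3], int(fields[4]))
        except ValueError:
            continue  # malformed row, ignore

def rdp_outside_tunnel(text, vpn_local_ips):
    """Return established RDP connections whose source address is not a VPN address."""
    vpn = {ipaddress.ip_address(ip) for ip in vpn_local_ips}
    return [c for c in parse_netstat(text)
            if c.remote_port == RDP_PORT and c.state == "ESTABLISHED"
            and not ipaddress.ip_address(c.remote_ip).is_loopback
            and ipaddress.ip_address(c.local_ip) not in vpn]

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    10.8.0.2:50122         198.51.100.7:443       ESTABLISHED     4120
  TCP    10.8.0.2:50130         203.0.113.20:3389      ESTABLISHED     5516
  TCP    192.168.1.23:50144     203.0.113.10:3389      ESTABLISHED     5516
  TCP    192.168.1.23:50150     203.0.113.11:3389      TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1400
"""

if __name__ == "__main__":
    for c in rdp_outside_tunnel(SAMPLE, ["10.8.0.2"]):
        print(f"RDP outside tunnel: {c.local_ip} -> {c.remote_ip}:{c.remote_port} (PID {c.pid})")
```

On a real host, replace `SAMPLE` with the saved output of `netstat -ano` taken while the VPN is connected and an RDP session is open, and pass the VPN adapter's own address.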
Read More: https://thecyberexpress.com/expressvpn-fixes-windows-vpn-leak/