Security News DNS Leak Fixed in Kaspersky VPN App for Android

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Kaspersky has fixed a bug in their Kaspersky VPN app for Android that leaked the computer's configured DNS server while using a VPN connection.

For a VPN to completely anonymize a user while they are using the Internet, it needs to not only hide the IP address, but also the computer's configured DNS servers. This way when a VPN user visits a site, all associated network traffic will flow through the assigned IP address and DNS servers from the VPN provider, rather than the local computer.

According to a security researcher Dhiraj Mishra, the bug in Kaspersky's product existed in Kaspersky VPN version 1.4.0.216 and earlier. When Mishra discovered DNS leak risk he created a report on Kaspersky's HackerOne page.

"Their was an issue in Kaspersky VPN <=v1.4.0.216 which leaks your DNS Address even after you're connected to any virtual server," Mishra told BleepingComputer via email. "I reported this vulnerability on Apr 21st (4 months ago) via H1, and a fix was pushed for same."
 
  • Like
Reactions: silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top