Perfect Privacy recently announced that it has discovered a vulnerability in a number of VPN providers that allow an attacker to expose the real IP address of a victim.
Dubbed “Port Fail”, the vulnarability affects VPN providers that offer port forwarding and have no protection against this specific attack.
“This IP leak affects all users: The victim does not need to use port forwarding, only the attacker has to set it up,” Perfect Privacy said.
The security company said that they have tested this vulnerability with nine prominent VPN providers that offer port forwarding.
“Five of those were vulnerable to the attack and have been notified in advance so they could fix this issue before publication,” Perfect Privacy said.
“However, other VPN providers may be vulnerable to this attack as we could not possibly test all existing VPN providers.”
The full attack is described here: IP leak affecting VPN providers with port forwarding