Nord VPN v6.14.31 suffers from Local Vector DoS Vulnerability

A denial of service vulnerability was found in the Nord VPN version 6.14.31 on the 30th of August, 2018. This vulnerability was discovered by LORD (borna nematzadeh) who also provided a proof of concept for the exploit. According to LORD’s experimentation with it, the exploit exists in version 6.14.31 of the Nord VPN and it is exploitable on the Windows 10 operating system.

According to LORD, the vulnerability is exploited when the python exploit code is run. The nord.txt file must be opened and the contents of the text file must be copied onto the device’s clipboard. Next, the Nord VPN application must be opened and run, entering any arbitrary email address into the username field of the login page and pasting the clipboard copied text file contents into the password field. Pressing enter causes the application to crash, requiring that you quit the application entirely, refresh it, and restart it again.

A CVE identification label has not been assigned to the vulnerability as of yet and news hasn’t emerged from the vendor regarding the issue either. There are no mitigation techniques or advisories at present to avoid the denial of service crash in the Nord VPN software other than being aware of the full trail of the proof of concept presented and avoiding the steps necessary to deliberately cause a denial of service crash.

Given the details of the vulnerability, I believe that the vulnerability falls at a base score of 4 approximately in terms of risk. It has a local attack vector and low attack complexity. The vulnerability also doesn’t need any privileges to execute or require any user interaction to move forward. There doesn’t appear to be any confidentiality or integrity impact. The only factor affected is the application’s availability due to the denial of service crash. This exploit is easily avoidable and doesn’t pose a significant risk to the user’s privacy or security; it only affects convenience due to its ability to cause the application to stop responding.

Aaron Michael
Aaron Micheal is an electrical engineer by profession and a hard-core gamer by passion. His exceptional experience with computer hardware and profound knowledge in gaming makes him a very competent writer. What makes him unique is his growing interest in the state of the art technologies that motivates him to learn, adopt, and integrate latest techniques into his work.

Expert Tip

Nord VPN v6.14.31 suffers from Local Vector DoS Vulnerability

If the issue is with your Computer or a Laptop you should try using Restoro which can scan the repositories and replace corrupt and missing files. This works in most cases, where the issue is originated due to a system corruption. You can download Restoro by clicking the Download button below.

Download Now

I'm not interested