1

ExpressVPN bug leaks DNS requests for Windows users with split tunneling:(www.bleepingcomputer.com)

posted
by
Avatar
Squire1039@lemm.ee
in
Avatar
technology@lemmy.world
3 comments
hidereport

Bug:

Affected versions 12.23.1-12.72.0 (May 2022-Feb 2024) with split tunneling feature.

Impact:

Exposed visited domains to user’s ISP, potentially leaking browsing history.

Affected users:

Windows users with active split tunneling (about 1%).

Fix:

Upgrade to version 12.73.0 (removes split tunneling temporarily).

Alternatives:

Disable split tunneling or use ExpressVPN version 10.

Note:

All other traffic and content remain encrypted.

Sort:
HotTopControversialNewOld
Avatar
ArchAengelus@lemmy.dbzer0.com
1 point

Uh, I might be wrong here, but isn’t the whole purpose of split tunneling to allow you to send only necessary traffic through a given tunnel? Then the rest of your traffic goes whatever the default path is?

This seems more like a feature than a CVE. Maybe I’m missing something.

permalink
report
reply
Avatar
vividspecter@lemm.ee
1 point

They might mean it’s happening even with requests routed through the VPN.

permalink
report
parent
reply
Avatar
Still@programming.dev
1 point

so it would be like you say I want Firefox to go thru the tunnel, you would want the DNS requests made from it to go thru as well, in this case they weren’t tunneled and were just going to the normal dns server

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

Community stats

  • 18K

    Monthly active users

  • 5K

    Posts

  • 90K

    Comments

Community moderators