GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP
A new decloaking technique affecting nearly all VPN implementations has been found. It allows attackers to inject entries into the routing tables of unsuspecting victims using DHCP option 121. Attackers can then redirect traffic that is supposed to be sent encrypted over the VPN through the physical interface handling DHCP for the network the victim's computer is connected to, effectively bypassing the VPN connection.
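For defenders auditing DHCP replies, the following added example (not part of the advisory) decodes option 121 as specified in RFC 3442 and reports pushed routes that would win or tie against the VPN's routes under longest-prefix matching. The function names, the caller-supplied list of VPN prefixes and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress
OPT_PAD, OPT_END, OPT_CLASSLESS_ROUTES = 0, 255, 121  # RFC 2132 / RFC 3442

def option_payload(options: bytes, code: int) -> bytes:
    """Walk the DHCP option TLVs; concatenate every instance of `code` (RFC 3396)."""
    out, i = b"", 0
    while i < len(options) and options[i] != OPT_END:
        if options[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(options) or i + 2 + options[i + 1] > len(options):
            raise ValueError("truncated DHCP option")
        if options[i] == code:
            out += options[i + 2:i + 2 + options[i + 1]]
        i += 2 + options[i + 1]
    return out

def parse_option_121(data: bytes):
    """Decode RFC 3442 entries: prefix length, significant destination octets, router."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        n = (plen + 7) // 8  # only the significant destination octets are sent
        if plen > 32 or i + 1 + n + 4 > len(data):
            raise ValueError("malformed option 121 entry")
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)
        net = ipaddress.IPv4Network((dest, plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[i + 1 + n:i + 5 + n])))
        i += 5 + n
    return routes

def routes_overriding_vpn(options: bytes, vpn_prefixes):
    """Return option 121 routes that overlap a VPN prefix and are at least as specific."""
    vpn = [ipaddress.IPv4Network(p) for p in vpn_prefixes]
    pushed = parse_option_121(option_payload(options, OPT_CLASSLESS_ROUTES))
    return [(net, gw) for net, gw in pushed
            if any(net.overlaps(v) and net.prefixlen >= v.prefixlen for v in vpn)]

# Constructed sample: options field of a DHCPACK (not captured traffic).
SAMPLE_OPTIONS = bytes.fromhex(
    "350105"        # 53: message type = ACK
    "790c"          # 121: classless static routes, 12 bytes
    "0100c0a80101"  # 0.0.0.0/1   via 192.168.1.1
    "0180c0a80101"  # 128.0.0.0/1 via 192.168.1.1
    "ff"            # end
)

if __name__ == "__main__":
    for net, gw in routes_overriding_vpn(SAMPLE_OPTIONS, ["0.0.0.0/0"]):
        print(f"option 121 route {net} via {gw} is more specific than the VPN route")
```

Against a full-tunnel VPN default route both sample entries are reported; against a split-tunnel prefix such as 10.8.0.0/16 neither is, because a /1 route loses to the more specific VPN route.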