Breakpointing-Bad-Public
/
vpn-attacks
7
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 Commits
1 Branch
0 Tags
530 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
vpn-attacks/vendor-patches/ProtonVPN/Stay safe on ProtonVPN desp...

1021 lines
57 KiB
Raw Permalink Blame History

<!DOCTYPE html>
<html class="no-js" lang="en-US"><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<link rel="icon" href="https://protonvpn.com/assets/img/favicon.ico">
<link rel="stylesheet" type="text/css" href="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/font-awesome.css">
<link href="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/style.css" rel="stylesheet">
<title>Stay safe on ProtonVPN despite CVE-2019-14899 - ProtonVPN Blog</title>
<!-- This site is optimized with the Yoast SEO plugin v11.8 - https://yoast.com/wordpress/plugins/seo/ -->
<meta name="description" content="There is a new security flaw that affects all VPN services’ Android, iOS, and macOS apps. Here’s how to mitigate this vulnerability.">
<link rel="canonical" href="https://protonvpn.com/blog/statement-on-cve-2019-14899/">
<meta property="og:locale" content="en_US">
<meta property="og:type" content="article">
<meta property="og:title" content="Stay safe on ProtonVPN despite CVE-2019-14899 - ProtonVPN Blog">
<meta property="og:description" content="There is a new security flaw that affects all VPN services’ Android, iOS, and macOS apps. Here’s how to mitigate this vulnerability.">
<meta property="og:url" content="https://protonvpn.com/blog/statement-on-cve-2019-14899/">
<meta property="og:site_name" content="ProtonVPN Blog">
<meta property="article:publisher" content="https://www.facebook.com/ProtonVPN/">
<meta property="article:section" content="Security">
<meta property="article:published_time" content="2019-12-13T02:35:15+00:00">
<meta property="article:modified_time" content="2019-12-13T02:35:16+00:00">
<meta property="og:updated_time" content="2019-12-13T02:35:16+00:00">
<meta name="twitter:card" content="summary">
<meta name="twitter:description" content="There is a new security flaw that affects all VPN services’ Android, iOS, and macOS apps. Here’s how to mitigate this vulnerability.">
<meta name="twitter:title" content="Stay safe on ProtonVPN despite CVE-2019-14899 - ProtonVPN Blog">
<meta name="twitter:site" content="@ProtonVPN">
<meta name="twitter:creator" content="@ProtonVPN">
<script type="application/ld+json" class="yoast-schema-graph yoast-schema-graph--main">{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://protonvpn.com/blog/#organization","name":"ProtonVPN","url":"https://protonvpn.com/blog/","sameAs":["https://www.facebook.com/ProtonVPN/","https://www.instagram.com/explore/tags/protonvpn/top/","https://www.linkedin.com/company/protonvpn/","https://twitter.com/ProtonVPN"],"logo":{"@type":"ImageObject","@id":"https://protonvpn.com/blog/#logo","url":"https://protonvpn.com/blog/wp-content/uploads/2017/06/protonvpn-sign-green-2.png","width":512,"height":512,"caption":"ProtonVPN"},"image":{"@id":"https://protonvpn.com/blog/#logo"}},{"@type":"WebSite","@id":"https://protonvpn.com/blog/#website","url":"https://protonvpn.com/blog/","name":"ProtonVPN Blog","publisher":{"@id":"https://protonvpn.com/blog/#organization"},"potentialAction":{"@type":"SearchAction","target":"https://protonvpn.com/blog/?s={search_term_string}","query-input":"required name=search_term_string"}},{"@type":"WebPage","@id":"https://protonvpn.com/blog/statement-on-cve-2019-14899/#webpage","url":"https://protonvpn.com/blog/statement-on-cve-2019-14899/","inLanguage":"en-US","name":"Stay safe on ProtonVPN despite CVE-2019-14899 - ProtonVPN Blog","isPartOf":{"@id":"https://protonvpn.com/blog/#website"},"datePublished":"2019-12-13T02:35:15+00:00","dateModified":"2019-12-13T02:35:16+00:00","description":"There is a new security flaw that affects all VPN services\u2019 Android, iOS, and macOS apps. Here\u2019s how to mitigate this vulnerability.","breadcrumb":{"@id":"https://protonvpn.com/blog/statement-on-cve-2019-14899/#breadcrumb"}},{"@type":"BreadcrumbList","@id":"https://protonvpn.com/blog/statement-on-cve-2019-14899/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"item":{"@type":"WebPage","@id":"https://protonvpn.com/blog/","url":"https://protonvpn.com/blog/","name":"Home"}},{"@type":"ListItem","position":2,"item":{"@type":"WebPage","@id":"https://protonvpn.com/blog/category/security/","url":"https://protonvpn.com/blog/category/security/","name":"Security"}},{"@type":"ListItem","position":3,"item":{"@type":"WebPage","@id":"https://protonvpn.com/blog/statement-on-cve-2019-14899/","url":"https://protonvpn.com/blog/statement-on-cve-2019-14899/","name":"Statement from ProtonVPN regarding CVE-2019-14899"}}]},{"@type":"Article","@id":"https://protonvpn.com/blog/statement-on-cve-2019-14899/#article","isPartOf":{"@id":"https://protonvpn.com/blog/statement-on-cve-2019-14899/#webpage"},"author":{"@id":"https://protonvpn.com/blog/#/schema/person/dd55cda5ab495b910f0e9de2ddbf5c10"},"headline":"Statement from ProtonVPN regarding CVE-2019-14899","datePublished":"2019-12-13T02:35:15+00:00","dateModified":"2019-12-13T02:35:16+00:00","commentCount":"5","mainEntityOfPage":{"@id":"https://protonvpn.com/blog/statement-on-cve-2019-14899/#webpage"},"publisher":{"@id":"https://protonvpn.com/blog/#organization"},"articleSection":"Security"},{"@type":["Person"],"@id":"https://protonvpn.com/blog/#/schema/person/dd55cda5ab495b910f0e9de2ddbf5c10","name":"Proton Team","image":{"@type":"ImageObject","@id":"https://protonvpn.com/blog/#authorlogo","url":"https://secure.gravatar.com/avatar/10b70c3a5d6cead8d8956df02549d1b3?s=96&d=mm&r=g","caption":"Proton Team"},"description":"We are the scientists, engineers, and developers who build ProtonMail, the world's largest encrypted email service. We're now building ProtonVPN also to ensure that everybody can have access to free and secure internet.","sameAs":[]}]}</script>
<!-- / Yoast SEO plugin. -->
<link rel="dns-prefetch" href="https://s.w.org/">
<link rel="alternate" type="application/rss+xml" title="ProtonVPN Blog » Feed" href="https://protonvpn.com/blog/feed/">
<link rel="alternate" type="application/rss+xml" title="ProtonVPN Blog » Comments Feed" href="https://protonvpn.com/blog/comments/feed/">
<link rel="alternate" type="application/rss+xml" title="ProtonVPN Blog » Statement from ProtonVPN regarding CVE-2019-14899 Comments Feed" href="https://protonvpn.com/blog/statement-on-cve-2019-14899/feed/">
<script type="text/javascript">
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/protonvpn.com\/blog\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.4.1"}};
/*! This file is auto-generated */
!function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings);
</script><script src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/wp-emoji-release.js" type="text/javascript" defer="defer"></script>
<style type="text/css">
img.wp-smiley,
img.emoji {
display: inline !important;
border: none !important;
box-shadow: none !important;
height: 1em !important;
width: 1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel="stylesheet" id="wp-block-library-css" href="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/style_002.css" type="text/css" media="all">
<link rel="stylesheet" id="wpum-frontend-css" href="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/wpum.css" type="text/css" media="all">
<script type="text/javascript" src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/jquery.js"></script>
<script type="text/javascript" src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/jquery-migrate.js"></script>
<script type="text/javascript" src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/frontend.js"></script>
<link rel="https://api.w.org/" href="https://protonvpn.com/blog/wp-json/">
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://protonvpn.com/blog/xmlrpc.php?rsd">
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://protonvpn.com/blog/wp-includes/wlwmanifest.xml">
<meta name="generator" content="WordPress 5.4.1">
<link rel="shortlink" href="https://protonvpn.com/blog/?p=3447">
<link rel="alternate" type="application/json+oembed" href="https://protonvpn.com/blog/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fprotonvpn.com%2Fblog%2Fstatement-on-cve-2019-14899%2F">
<link rel="alternate" type="text/xml+oembed" href="https://protonvpn.com/blog/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fprotonvpn.com%2Fblog%2Fstatement-on-cve-2019-14899%2F&amp;format=xml">
<!-- / HREFLANG Tags by DCGWS Version 1.9.6 -->
<!-- / HREFLANG Tags by DCGWS -->
<!-- <meta name="vfb" version="2.8.8" /> -->
</head>
<body class="post-template-default single single-post postid-3447 single-format-standard wp-embed-responsive vpn-blog" data-new-gr-c-s-check-loaded="8.869.0" data-gr-ext-installed="">
<div id="navbar-mobile-overlay"></div>
<div id="navbar-mobile">
<a href="#" class="navbar-toggler close fa fa-times fa-2x"></a>
<div class="navbar-mobile-logo"></div>
<ul class="navbar-nav">
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/about">About</a>
</li>
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/secure-vpn">Features</a>
</li>
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/pricing">Pricing</a>
</li>
<li class="nav-item active">
<a class="nav-link" href="https://protonvpn.com/blog/">Blog</a>
</li>
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/support">Support</a>
</li>
<li class="nav-item">
<a class="nav-link" href="https://account.protonvpn.com/">Login</a>
</li>
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/pricing">Signup</a>
</li>
</ul>
</div>
<div id="topbar">
<div class="container text-right">
<a class="pull-left" href="https://protonvpn.com/"><i class="fa fa-chevron-left"></i> &nbsp;Return to protonvpn.com</a>
<a href="https://facebook.com/ProtonVPN" target="_blank" rel="noreferrer nofollow noopener"><i class="fa fa-facebook"></i><span> Facebook</span></a>&nbsp;&nbsp;
<a href="https://twitter.com/ProtonVPN" target="_blank" rel="noreferrer nofollow noopener"><i class="fa fa-twitter"></i><span> Twitter</span></a>&nbsp;&nbsp;
<a href="https://www.reddit.com/r/ProtonVPN/" target="_blank" rel="noreferrer nofollow noopener"><i class="fa fa-reddit-alien"></i><span> Reddit</span></a>&nbsp;&nbsp;
<a href="https://www.instagram.com/protonvpn/" target="_blank" rel="noreferrer nofollow noopener"><i class="fa fa-instagram"></i><span> Instagram</span></a>&nbsp;&nbsp;
<a href="https://mastodon.social/@ProtonVPN" target="_blank" rel="noreferrer nofollow noopener"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 15 15" width="15" height="15" class="mastodon-icon" aria-hidden="true"><path d="M13.578 5.205c0-2.778-1.823-3.593-1.823-3.593-.916-.42-2.493-.598-4.132-.612h-.044c-1.64.014-3.211.193-4.132.612 0 0-1.823.815-1.823 3.593 0 .636-.01 1.398.01 2.203.067 2.72.496 5.396 3.009 6.062a9.46 9.46 0 0 0 2.956.328c1.451-.082 2.27-.516 2.27-.516l-.047-1.056s-1.042.328-2.204.29c-1.153-.04-2.373-.126-2.56-1.544a2.626 2.626 0 0 1-.025-.4s1.133.28 2.57.342c.878.044 1.703-.048 2.542-.15 1.606-.192 3.004-1.18 3.178-2.082.28-1.428.255-3.477.255-3.477zm-2.146 3.578h-1.33V5.518c0-.69-.29-1.037-.869-1.037-.641 0-.96.415-.96 1.235v1.789H6.949v-1.79c0-.819-.323-1.234-.96-1.234-.579 0-.868.348-.868 1.037v3.265H3.775V5.417c0-.69.173-1.235.525-1.64.362-.405.84-.612 1.428-.612.68 0 1.2.26 1.538.786l.333.555.332-.555c.343-.526.859-.786 1.539-.786.588 0 1.065.207 1.427.612.352.405.526.95.526 1.64v3.366z"></path></svg><span> Mastodon</span></a>&nbsp;&nbsp;
<a href="https://protonmail.com/" target="_blank" rel="noreferrer nofollow noopener"><i class="pm-icon"></i><span> ProtonMail</span></a>
</div>
</div>
<nav class="navbar navbar-toggleable-md navbar-inverse" id="navbar-main">
<span class="ghost-bar"></span>
<div class="container">
<button class="navbar-toggler navbar-toggler-right" type="button">
<span class="navbar-toggler-icon"></span>
</button>
<a class="navbar-brand" href="https://protonvpn.com/blog">
<em></em>
<i></i>
<img src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/protonvpn-white-transparent.svg" onerror="this.src='/assets/img/protonvpn-white-transparent.png'">
</a>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto"></ul> <!-- used for right alignment -->
<ul class="navbar-nav">
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/about" style="width: 77px;">About</a>
</li>
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/secure-vpn" style="width: 98px;">Features</a>
</li>
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/pricing" style="width: 85px;">Pricing</a>
</li>
<li class="nav-item active">
<a class="nav-link" href="https://protonvpn.com/blog/" style="width: 73px;">Blog</a>
</li>
<li class="nav-item">
<a class="nav-link" href="https://protonvpn.com/support" style="width: 91px;">Support</a>
</li>
<li class="divider"></li>
<li class="nav-item" id="nav-login">
<a class="nav-link text-success text-uppercase" href="https://account.protonvpn.com/" style="width: 84px;">Login</a>
</li>
<li class="nav-item" id="nav-signup">
<a class="nav-link btn btn-success text-uppercase" href="https://protonvpn.com/pricing" style="width: 103px;">Signup</a>
</li>
</ul>
</div>
</div>
</nav>
<div class="container main">
<p id="breadcrumbs"><span><span><a href="https://protonvpn.com/blog/">Home</a><span><a href="https://protonvpn.com/blog/category/security/">Security</a><span class="breadcrumb_last" aria-current="page">Statement from ProtonVPN regarding CVE-2019-14899</span></span></span></span></p>
<div class="row">
<div class="col-lg-9">
<div class="clear"></div>
<h1>Statement from ProtonVPN regarding CVE-2019-14899</h1>
<p class="meta">Posted on December 13th, 2019 by <a href="https://protonvpn.com/blog/author/protoblogadmin/" title="Posts by Proton Team" rel="author">Proton Team</a> in <a href="https://protonvpn.com/blog/category/security/" rel="category tag">Security</a>.</p>
<div class="entry">
<p>On Dec. 4, security researchers at the <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://seclists.org/oss-sec/2019/q4/122" target="_blank">IT security site SecLists</a>
announced a security flaw known as CVE-2019-14899 that affects all VPNs
that use the OpenVPN protocol and most VPNs that use the IKEv2/IPSec
protocol In narrow circumstances. <strong>This vulnerability cannot be
used for mass surveillance. It allows attackers to actively probe (or
“guess”) what IP and port a TCP connection is connected to. </strong>CVE-2019-14899
could represent a problem for users when they are specifically targeted
by an attacker who controls the WiFi or LAN they are connected to, but
the high difficulty of executing this attack versus the rather minimal
access an attacker receives means this attack is unlikely to be deployed
against the average VPN user.</p>
<p>Unfortunately, there is relatively little that VPN services can do
themselves to patch the issue because it affects VPN connections by
exploiting the operating system. While developers of Android, iOS, and
macOS software work to resolve the problem, we are also taking steps to
mitigate risks to our users, and we will be implementing a fix to our
Linux client. This article describes those steps and explains more about
the vulnerability.</p>
<h3>What is CVE-2019-14899?</h3>
<p>CVE-2019-14899 is not a flaw in any specific VPN service or VPN
protocol. Rather, it is a clever exploit of the “weak host model” (for
interested readers, here is a good explanation of <a href="https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc137807(v=msdn.10)?redirectedfrom=MSDN" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">weak host models</a>), adopted by macOS, iOS, Android, and certain versions of Linux.</p>
<p>The vulnerability is inherent to the default IP routing strategies
and policies that are used by route-based protocols (like OpenVPN).
Android, iOS, and macOS only allow VPNs that use route-based protocols,
so <strong>any VPN app on Android, iOS, and macOS is vulnerable.&nbsp;</strong></p>
<p>The situation is slightly different on Linux, where OpenVPN is a
route-based protocol while StrongSwan and IKEv2/IPSec act as
policy-based protocols (and thus not affected). The ProtonVPN Linux
client uses OpenVPN and is therefore currently vulnerable, though we
have identified a fix and are working to implement it.&nbsp;</p>
<p><strong>Windows apps, including the ProtonVPN Windows app, are not affected.</strong></p>
<p><em>Learn more about <a href="https://protonvpn.com/blog/whats-the-best-vpn-protocol/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">VPN protocols</a>.</em></p>
<h3>Impact of CVE-2019-14899</h3>
<p>Contrary to the sensational reporting online, <strong>this vulnerability does not permit data packet inspection or large-scale monitoring of user activity</strong>.
Instead, it allows an attacker to probe a specific, known TCP
connection and “guess” if it is connected to a specific destination IP
and port. If the attacker guesses the correct IP and port, they will
confirm the connection exists. If the connection is unencrypted, the
attacker could then inject data into it.</p>
<p>Provided there is no reverse path filtering, an attacker that
controls your L2 link (i.e., your WiFi or LAN) can send specially
crafted packets to your device. The attacker can then use those packets
to actively probe for certain properties of the TCP connections
originating from your device. In other words, by controlling a device’s
access point to the Internet, an attacker can infer if the user is
connected to a specific host and port.</p>
<p>Additionally, if a TCP connection is unencrypted inside the VPN
tunnel (if you visit a page that uses HTTP instead of HTTPS, for
instance), the attacker can inject packets into that specific
unencrypted stream. This would allow an attacker to feed your device
fake HTML content for that particular stream. That would be dangerous,
but as previously stated, the attacker must target a specific TCP
connection, so it is not a simple vulnerability to exploit.</p>
<h3>Possible solutions</h3>
<p><strong>Linux</strong></p>
<p>To mitigate CVE-2019-14899, Linux clients have two possible solutions:</p>
<ul><li>Enable strict reverse path filtering: <code>sysctl net.ipv4.conf.all.rp_filter=1</code></li><li>Employ IPTables: <code>iptables -t raw \! -i tun0 -d 10.0.0.0/8 -j DROP</code></li></ul>
<p>A general workaround for all operating systems would be to separate
the L2 of the machine by using a VM or a non-bridged container. In that
situation, the kernel of the machine connected to the network has no
knowledge of the VPN interface, and therefore cannot leak any
information.</p>
<p><strong>We have decided to implement the IPTables solution for our Linux client.</strong> We will publish an update on social media when our Linux client has been updated.&nbsp;</p>
<p><strong>Android</strong></p>
<p>To resolve this vulnerability on an Android device, you would need
either a rooted phone, or Android developers would need to address the
security flaw by releasing a fix in its operating system. We will
closely monitor the progress on this issue on the Android platform.</p>
<p><strong>iOS and macOS</strong></p>
<p>Similarly, the solution for an iOS device would require either a
jail-broken phone or Apple developers to fix this vulnerability in its
operating system. There is no satisfactory resolution for macOS, either,
until Apple provides an operating system update. However, Apple devices
are “multihomed” to increase the level of connectivity between them,
and CVE-2019-14899 affects precisely this configuration. It seems
unlikely that Apple will decide to change this policy. We will closely
monitor the situation on macOS and iOS platforms.&nbsp;</p>
<h3>Should I be concerned by this security flaw?</h3>
<p>The answer to this question depends on your threat model. This
security flaw does not allow mass surveillance, but it can be exploited
to monitor individual users who connect to specific access points or
LANs controlled by the attacker. If your threat model makes you
concerned about this weakness, we advise you to connect to the VPN
servers with our Windows app or use our Linux client after we have
implemented a fix. If you need to browse privately on an unknown network
using an Android, iOS, or macOS device, connecting to the <a href="https://protonvpn.com/blog/is-tor-safe/" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">Tor network</a> would also be a solution.&nbsp;</p>
<p>Please follow us on <a href="https://www.reddit.com/r/ProtonVPN">Reddit</a>, <a rel="noreferrer noopener" href="https://twitter.com/ProtonVPN" target="_blank">Twitter</a>, or <a href="https://mastodon.social/@protonvpn">Mastodon</a> or visit this blog for updates on our progress regarding CVE-2019-14899.</p>
<p>Best Regards,<br>The ProtonVPN Team</p>
<p></p>
<p><strong>To get a free ProtonMail encrypted email account, visit:&nbsp;</strong><a rel="noreferrer noopener" href="http://protonmail.com/" target="_blank"><strong>protonmail.com</strong></a></p>
</div>
<div class="author-block">
<div class="row">
<div class="col-md-2 hidden-sm">
<img src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/vpn-icon.png" class="rounded-circle">
</div>
<div class="col-md-10 col-sm-12">
<h4>
<strong>
<a class="author-link" href="https://protonvpn.com/blog/author/protoblogadmin/" rel="author">
Proton Team </a>
</strong>
</h4>
<p class="author-bio">
We are the scientists, engineers, and
developers who build ProtonMail, the world's largest encrypted email
service. We're now building ProtonVPN also to ensure that everybody can
have access to free and secure internet. </p>
</div>
</div>
</div>
<div id="comments" class="comments-area">
<a href="#respond" class="pull-right btn btn-sm btn-success">Post Comment</a>
<h3 class="comments-title mb-0">
<i class="fa fa-comments"></i>
5 comments </h3>
<ol class="comment-list">
<li class="comment even thread-even depth-1" id="comment-9527">
<div id="comment-body-9527" class="comment-body row">
<div class="col-md-3 bg-faded">
<div class="comment-author vcard author">
<strong class="fn n author-name">Orlando Smith, Esq.</strong>
</div><!-- /.comment-author -->
<div class="comment-meta comment-meta-data text-muted">
<div>January 16, 2020</div>
at 1:00 pm </div><!-- /.comment-meta -->
</div>
<div class="col">
<div id="comment-content-9527" class="comment-content">
<p>Have you informed Apple of this security flaw in iOS and macOS?</p>
</div><!-- /.comment-content -->
<div class="actions text-right">
<a class="permalink" href="https://protonvpn.com/blog/statement-on-cve-2019-14899/#comment-9527" rel="nofollow">
<i class="fa fa-link"></i>
</a>
<a rel="nofollow" class="comment-reply-link" href="#comment-9527" data-commentid="9527" data-postid="3447" data-belowelement="-9527" data-respondelement="respond" aria-label="Reply to Orlando Smith, Esq.">Reply</a> </div>
</div>
</div><!-- /.comment-body -->
</li>
<li class="comment odd alt thread-odd thread-alt depth-1" id="comment-9504">
<div id="comment-body-9504" class="comment-body row">
<div class="col-md-3 bg-faded">
<div class="comment-author vcard author">
<strong class="fn n author-name">Lex</strong>
</div><!-- /.comment-author -->
<div class="comment-meta comment-meta-data text-muted">
<div>January 8, 2020</div>
at 4:06 pm </div><!-- /.comment-meta -->
</div>
<div class="col">
<div id="comment-content-9504" class="comment-content">
<p>I’ve been wondering about the scenario. Imo only possible:
visit a cafe, connect to it’s network which is compromised. You do
browse sites that are typical for your location. <a href="https://whynohttps.com/" rel="nofollow ugc">https://whynohttps.com/</a>
some here are rly .. mortifying. Apache, MIT, …. (w3 doesn’t seem to be
case anymore) If you do happen to browse these sites …. Besides that
prob. more usefull for jokes between family and friends. Where else do
you have Network-Access, do know the accessed domain (at best HTTP)
while the user makes use of a VPN in a Linux/Mobile environment?</p>
</div><!-- /.comment-content -->
<div class="actions text-right">
<a class="permalink" href="https://protonvpn.com/blog/statement-on-cve-2019-14899/#comment-9504" rel="nofollow">
<i class="fa fa-link"></i>
</a>
<a rel="nofollow" class="comment-reply-link" href="#comment-9504" data-commentid="9504" data-postid="3447" data-belowelement="-9504" data-respondelement="respond" aria-label="Reply to Lex">Reply</a> </div>
</div>
</div><!-- /.comment-body -->
</li>
<li class="comment even thread-even depth-1" id="comment-9432">
<div id="comment-body-9432" class="comment-body row">
<div class="col-md-3 bg-faded">
<div class="comment-author vcard author">
<strong class="fn n author-name">R. Daneel Olivaw</strong>
</div><!-- /.comment-author -->
<div class="comment-meta comment-meta-data text-muted">
<div>December 20, 2019</div>
at 5:32 pm </div><!-- /.comment-meta -->
</div>
<div class="col">
<div id="comment-content-9432" class="comment-content">
<p>Hello,</p>
<p>Thank you for reporting this vulnerability. ProtonVPN is the only
commercial VPN provider I trust, and I recommend ProtonVPN whenever a
VPN is enough for one’s threat model.</p>
<p>Speaking of this, I find your article’s conclusion misleading. The
Tor browser and a VPN have different use cases, and for example a
Turkish user shouldn’t use Tor at all. Precisely because the Tor browser
(and TAILS) are the best anonymity solution for dissenters, a Turkish
Tor user may end up in jail, or worse. On the other hand, VPNs are
excellent against geoblocking, on public WiFi, for expats, etc.</p>
<p>Have you found if this vulnerability affects OpenBSD? I just want to brag about my operating system 😉</p>
<p>Thank you again.</p>
</div><!-- /.comment-content -->
<div class="actions text-right">
<a class="permalink" href="https://protonvpn.com/blog/statement-on-cve-2019-14899/#comment-9432" rel="nofollow">
<i class="fa fa-link"></i>
</a>
<a rel="nofollow" class="comment-reply-link" href="#comment-9432" data-commentid="9432" data-postid="3447" data-belowelement="-9432" data-respondelement="respond" aria-label="Reply to R. Daneel Olivaw">Reply</a> </div>
</div>
</div><!-- /.comment-body -->
</li>
<li class="comment odd alt thread-odd thread-alt depth-1" id="comment-9419">
<div id="comment-body-9419" class="comment-body row">
<div class="col-md-3 bg-faded">
<div class="comment-author vcard author">
<strong class="fn n author-name">Lau</strong>
</div><!-- /.comment-author -->
<div class="comment-meta comment-meta-data text-muted">
<div>December 15, 2019</div>
at 9:17 am </div><!-- /.comment-meta -->
</div>
<div class="col">
<div id="comment-content-9419" class="comment-content">
<p>I was waiting for hing kong server working, pla reply when can be finish ?</p>
</div><!-- /.comment-content -->
<div class="actions text-right">
<a class="permalink" href="https://protonvpn.com/blog/statement-on-cve-2019-14899/#comment-9419" rel="nofollow">
<i class="fa fa-link"></i>
</a>
<a rel="nofollow" class="comment-reply-link" href="#comment-9419" data-commentid="9419" data-postid="3447" data-belowelement="-9419" data-respondelement="respond" aria-label="Reply to Lau">Reply</a> </div>
</div>
</div><!-- /.comment-body -->
</li>
<li class="comment even thread-even depth-1" id="comment-9418">
<div id="comment-body-9418" class="comment-body row">
<div class="col-md-3 bg-faded">
<div class="comment-author vcard author">
<strong class="fn n author-name">Lau</strong>
</div><!-- /.comment-author -->
<div class="comment-meta comment-meta-data text-muted">
<div>December 15, 2019</div>
at 9:16 am </div><!-- /.comment-meta -->
</div>
<div class="col">
<div id="comment-content-9418" class="comment-content">
<p>Pls reply when can finish hong kong server maintenance ? I was waiting for over 24 hrs …..</p>
</div><!-- /.comment-content -->
<div class="actions text-right">
<a class="permalink" href="https://protonvpn.com/blog/statement-on-cve-2019-14899/#comment-9418" rel="nofollow">
<i class="fa fa-link"></i>
</a>
<a rel="nofollow" class="comment-reply-link" href="#comment-9418" data-commentid="9418" data-postid="3447" data-belowelement="-9418" data-respondelement="respond" aria-label="Reply to Lau">Reply</a> </div>
</div>
</div><!-- /.comment-body -->
</li> </ol><!-- .comment-list -->
<div id="respond" class="comment-respond">
<h2 id="reply-title" class="comment-reply-title">Leave a Reply <small><a rel="nofollow" id="cancel-comment-reply-link" href="https://protonvpn.com/blog/statement-on-cve-2019-14899/#respond" style="display:none;">Cancel reply</a></small></h2><form action="https://protonvpn.com/blog/wp-comments-post.php" method="post" id="commentform" class="comment-form anti-spam-form-processed" novalidate=""><p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> Required fields are marked <span class="required">*</span></p><p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" size="30" maxlength="245" required="required" class="form-control"></p>
<p class="comment-form-email"><label for="email">Email <span class="required">(not published)</span></label> <input id="email" name="email" type="email" size="30" maxlength="100" aria-describedby="email-notes" required="required" class="form-control"></p><p class="comment-form-comment"><label for="comment">Comment</label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required="required" class="form-control"></textarea></p>
<p class="form-submit text-right"><input name="submit" type="submit" id="submit" class="submit btn btn-success" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="3447" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<!-- Anti-spam plugin v.5.3 wordpress.org/plugins/anti-spam/ -->
<p class="antispam-group antispam-group-q" style="clear: both; display: none;">
<label>Current ye@r <span class="required">*</span></label>
<input type="hidden" name="antspm-a" class="antispam-control antispam-control-a" value="2021">
<input type="text" name="antspm-q" class="antispam-control antispam-control-q form-control" value="2021" autocomplete="off">
</p>
<p class="antispam-group antispam-group-e" style="display: none;">
<label>Leave this field empty</label>
<input type="text" name="antspm-e-email-url-website" class="antispam-control antispam-control-e form-control" autocomplete="off">
</p>
<input type="hidden" name="antspm-d" class="antispam-control antispam-control-d" value="2021"></form> </div><!-- #respond -->
</div><!-- .comments-area -->
</div>
<div class="col sidebar">
<div class="hidden-sm-down">
<p class="text-uppercase"><a href="https://protonvpn.com/blog" class="back"><i class="fa fa-chevron-left"></i> Back to Blog</a></p>
<div class="social">
<p>Share this article!</p>
<!--a target="_blank" href="https://plus.google.com/share?url=https://protonvpn.com/blog/statement-on-cve-2019-14899/" class="fa fa-google-plus"></a-->
<a target="_blank" href="https://www.reddit.com/submit" class="fa fa-reddit" onclick="window.location = '//www.reddit.com/submit?url=' + encodeURIComponent(window.location); return false"></a>
<a target="_blank" href="http://www.facebook.com/sharer.php?u=https://protonvpn.com/blog/statement-on-cve-2019-14899/" class="fa fa-facebook"></a>
<a target="_blank" href="http://twitter.com/share?text=Statement%20from%20ProtonVPN%20regarding%20CVE-2019-14899&amp;url=https://protonvpn.com/blog/statement-on-cve-2019-14899/" class="fa fa-twitter"></a>
</div>
</div>
</div>
</div>
</div>
<div id="cats">
<div class="container">
<h3 class="text-center">Knowledge base</h3>
<div class="row">
<div class="col">
<h4>Category</h4>
<div class="list-group">
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
</div>
</div>
<div class="col">
<h4>Category</h4>
<div class="list-group">
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
</div>
</div>
<div class="col">
<h4>Category</h4>
<div class="list-group">
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
</div>
</div>
<div class="col">
<h4>Category</h4>
<div class="list-group">
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
<a href="#" class="list-group-item">Lorem ipsum dolor sit amet</a>
</div>
</div>
</div>
<p>&nbsp;</p>
</div>
</div>
<div class="inlineUpsell">
<div class="inlineUpsell-headline">
<h2 class="inlineUpsell-title">Secure your internet</h2>
<a href="https://protonvpn.com/pricing" class="inlineUpsell-link text-uppercase">Get ProtonVPN</a>
</div>
<div class="inlineUpsell-content">
<ul class="inlineUpsell-list">
<li class="inlineUpsell-item">
<i class="fa fa-check"></i>
<span>Strict no logs policy</span>
</li>
<li class="inlineUpsell-item">
<i class="fa fa-check"></i>
<span>All apps are open source and audited</span>
</li>
<li class="inlineUpsell-item">
<i class="fa fa-check"></i>
<span>High-speed connections (up to 10 Gbit)</span>
</li>
<li class="inlineUpsell-item">
<i class="fa fa-check"></i>
<span>Based in Switzerland</span>
</li>
<li class="inlineUpsell-item">
<i class="fa fa-check"></i>
<span>30-day money-back guarantee</span>
</li>
</ul>
</div>
</div>
<div id="footer">
<div class="container">
<div class="row text-nowrap">
<div class="col">
<h2 class="font-heavy text-uppercase">Features</h2>
<ul>
<li>
<a href="https://protonvpn.com/free-vpn">Free VPN</a>
</li>
<li>
<a href="https://protonvpn.com/vpn-servers">VPN Servers</a>
</li>
<li>
<a href="https://protonvpn.com/support/streaming-guide/">
VPN for Streaming
</a>
</li>
<li>
<a href="https://protonvpn.com/support/watch-netflix-with-vpn/">
Netflix VPN
</a>
</li>
<li>
<a href="https://protonvpn.com/support/secure-core-vpn/">
Secure Core VPN
</a>
</li>
<li>
<a href="https://protonvpn.com/support/protonvpn-setup-guide/">
Getting Started
</a>
</li>
</ul>
</div>
<div class="col">
<h2 class="font-heavy text-uppercase">Platforms</h2>
<ul>
<li>
<a href="https://protonvpn.com/download">
VPN for Windows
</a>
</li>
<li>
<a href="https://protonvpn.com/download">
VPN for Mac
</a>
</li>
<li>
<a href="https://play.google.com/store/apps/details?id=ch.protonvpn.android&amp;referrer=utm_source%3Dprotonvpn.com%26utm_content%3Dstatic">
VPN for Android
</a>
</li>
<li>
<a href="https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085">
VPN for iOS
</a>
</li>
<li>
<a href="https://protonvpn.com/support/linux-vpn-tool/">
VPN for Linux
</a>
</li>
<li>
<a href="https://protonvpn.com/support/installing-protonvpn-on-a-router/">
VPN for Routers
</a>
</li>
</ul>
</div>
<div class="col">
<h2 class="font-heavy text-uppercase">Legal</h2>
<ul>
<li>
<a href="https://ge.ch/hrcintapp/externalCompanyReport.action?companyOfsUid=CHE-496.963.746&amp;lang=FR">
Imprint
</a>
</li>
<li>
<a href="https://protonvpn.com/privacy-policy">Privacy Policy</a>
</li>
<li>
<a href="https://protonvpn.com/terms-and-conditions">
Terms &amp; Conditions
</a>
</li>
<li>
<a href="https://protonvpn.com/blog/transparency-report">
Transparency Report
</a>
</li>
<li>
<a href="https://protonvpn.com/blog/threat-model">Threat Model</a>
</li>
<li>
<a data-em="abuse" href="mailto:abuse@protonvpn.com">Report Abuse</a>
</li>
</ul>
</div>
<div class="col">
<h2 class="font-heavy text-uppercase">Company</h2>
<ul>
<li>
<a href="https://protonvpn.com/about">About</a>
</li>
<li>
<a href="https://protonvpn.com/blog/">Blog</a>
</li>
<li>
<a href="https://protonvpn.com/support/">Support</a>
</li>
<li>
<a href="https://protonvpn.com/careers">Careers</a>
</li>
<li>
<a href="https://protonvpn.com/blog/open-source/">
Open Source
</a>
</li>
<li>
<a href="https://protonvpn.com/press">Press/Media kit</a>
</li>
</ul>
</div>
<div class="col">
<h2 class="font-heavy text-uppercase">Social</h2>
<ul>
<li class="fb">
<a target="_blank" rel="noreferrer nofollow noopener" href="https://facebook.com/ProtonVPN">
<i class="fa fa-facebook-official"></i>
<span>Facebook</span>
</a>
</li>
<li class="tw">
<a target="_blank" rel="noreferrer nofollow noopener" href="https://twitter.com/ProtonVPN">
<i class="fa fa-twitter"></i>
<span>Twitter</span>
</a>
</li>
<li class="reddit">
<a target="_blank" rel="noreferrer nofollow noopener" href="https://www.reddit.com/r/ProtonVPN/">
<i class="fa fa-reddit-alien"></i>
<span>Reddit</span>
</a>
</li>
<li class="insta">
<a target="_blank" rel="noreferrer nofollow noopener" href="https://www.instagram.com/protonvpn/">
<i class="fa fa-instagram"></i>
<span>Instagram</span>
</a>
</li>
<li class="masto">
<a target="_blank" rel="noreferrer nofollow noopener" href="https://mastodon.social/@ProtonVPN">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 15 15" width="15" height="15" class="mastodon-icon" aria-hidden="true">
<path d="M13.578 5.205c0-2.778-1.823-3.593-1.823-3.593-.916-.42-2.493-.598-4.132-.612h-.044c-1.64.014-3.211.193-4.132.612 0 0-1.823.815-1.823 3.593 0 .636-.01 1.398.01 2.203.067 2.72.496 5.396 3.009 6.062a9.46 9.46 0 0 0 2.956.328c1.451-.082 2.27-.516 2.27-.516l-.047-1.056s-1.042.328-2.204.29c-1.153-.04-2.373-.126-2.56-1.544a2.626 2.626 0 0 1-.025-.4s1.133.28 2.57.342c.878.044 1.703-.048 2.542-.15 1.606-.192 3.004-1.18 3.178-2.082.28-1.428.255-3.477.255-3.477zm-2.146 3.578h-1.33V5.518c0-.69-.29-1.037-.869-1.037-.641 0-.96.415-.96 1.235v1.789H6.949v-1.79c0-.819-.323-1.234-.96-1.234-.579 0-.868.348-.868 1.037v3.265H3.775V5.417c0-.69.173-1.235.525-1.64.362-.405.84-.612 1.428-.612.68 0 1.2.26 1.538.786l.333.555.332-.555c.343-.526.859-.786 1.539-.786.588 0 1.065.207 1.427.612.352.405.526.95.526 1.64v3.366z">
</path>
</svg>
<span>Mastodon</span>
</a>
</li>
<li class="protonmail">
<a target="_blank" rel="noreferrer nofollow noopener" href="https://protonmail.com/">
<img src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/protonmail-sign-white.png" alt="ProtonMail Logo">
<span>ProtonMail</span>
</a>
</li>
</ul>
</div>
<div class="col col-md-3">
<h2 class="font-heavy text-uppercase">Contact</h2>
<p>
<span>Support</span>:
<a class="general-contact-modal text-success" href="#">
Show Details
</a>
<br>
<span>Partnership</span>:
<a href="https://partners.protonvpn.com/" class="text-success">partners.protonvpn.com</a>
<br>
<span>Media</span>:
<a data-em="media" class="text-success" href="mailto:media@protonvpn.com">media@protonvpn.com</a>
<br>
<span>Security</span>:
<a data-em="security" class="text-success" href="mailto:security@protonvpn.com">
security@protonvpn.com
</a>
<a href="#" data-toggle="modal" data-target="#secPubKey" class="btn btn-xs btn-secondary">
<i class="fa fa-key security-icon" data-toggle="tooltip" data-placement="top" title="" data-original-title="PGP Public Key"></i>
</a>
<br>
<span>Abuse</span>:
<a data-em="abuse" class="text-success" href="mailto:abuse@protonvpn.com">abuse@protonvpn.com</a>
</p>
</div>
</div>
</div>
</div>
<div class="contactModal">
<div class="bg"></div>
<div class="window"> <i class="fa fa-times fa-2x close"></i>
<p> <span>For customer support inquiries, please submit the following form for the fastest response:</span>
<br> <a href="https://protonvpn.com/support-form" target="_blank" class="btn btn-success">
https://protonvpn.com/support-form </a> </p>
<p> <span>For all other inquiries:</span>
<br> <a data-em="contact" class="text-success" href="mailto:contact@protonvpn.com">contact@protonvpn.com</a>
</p>
<p> <span>You can also Tweet to us:</span>
<br> <a target="_blank" href="https://twitter.com/protonvpn" class="text-success"> @ProtonVPN </a> </p>
</div>
</div>
<div class="modal fade" id="secPubKey" style="display: none;" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h2 class="modal-title"> <kbd>security@protonvpn.com</kbd> PGP Public Key </h2>
<button type="button" class="close" data-dismiss="modal" aria-label="Close"> <span aria-hidden="true">×</span> </button>
</div>
<div class="modal-body">
<div class="alert alert-warning">If you don't know how to manually encrypt PGP emails and send them,
this may not be for you. We will let you know if we can't decrypt your message.</div>
<pre>-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.3.0
Comment: https://openpgpjs.org
xsBNBFiYfJgBCAC7SIonSZmLIh72w6wcKiDGZkebgVbZ3yd46ls7d3myH0GJ
bOqd/gWA/cwpdVZY6p+VtWTN2WeCDHqdjG3ibeJW2HS/FClpQRw/eghxJr7M
6HiYJkAntoUuwNaToCqwAhUiNVDUObmHaOABd8AE9TMSnXKE0OoDXnm5c5jZ
CaFA4m3DU7M+PQVkGKGT4ZK4o5ePpk3jv6OC922qftFeTSlQ4ef5SvjUQPuA
XKxh0PRsPFyXOytxNFyCSHIXwojN2odL+gN3PTipO1ZiH6uWAMxHZVn21oWU
KvMbn+1r3ZBabmyidiE3bbyUj7d0r6Zix3TGifhkb+UsWfsKW8xSQGDpABEB
AAHNL3NlY3VyaXR5QHByb3RvbnZwbi5jb20gPHNlY3VyaXR5QHByb3RvbnZw
bi5jb20+wsB/BBABCAApBQJYmHyZBgsJBwgDAgkQdvNE+jTYSTgEFQgCCgMW
AgECGQECGwMCHgEACgkQdvNE+jTYSTiieQgArURu0HcnwdXUKVqQy5d5C4hM
rq3qn5S9sbvegT4dRdh04v/pRBLjXic+99AZ0mNf8s3l+PEUDehpReYbxdqP
RA0xFJRECQtwejO1t1cSKxaHaAErW9IhSp+KVEzFczwxcPr5Gy0+6lvN8cP1
AWbTC8SllYuIxqc+8/LVhx83LFs4xT4GUF0ykfhdvBJe2RQzejOLkewJ9E2x
GFYFm73it65TcDfhyBhggqZkLKVkSQWnyruOjn20JmLUXsOEx8SONKob0BB/
DyeIAIX2eHVxIltlQvXacLE7IRqeUFBaw42uXLX3jhDvs0zdolCTwXXkjhwR
o9eX3/elPh45J4rlj87ATQRYmHyYAQgAppLHEhYP5nDIHdtNvL0m497HJV92
WbeRRQMbuceXS60m8I5C5SIeZixwHwz6WwiRpQ00C2225JHEzfj6JTViU0kG
7wgLP1hpiWt9MbWWz4hYFz3SM8K+6xa873jY0SpPSyBd/RTfQCL8ePfNEels
oguq1feajDApjN4+AhOhsrRH7YUxKpQpoEFIh50zpgErGRmi0ICQekdqs+Fb
u3vVJRpFygxpYJUo5SHfWEjsLp2Po1uMCAlTidXbUcunkb84S4+b2HSBTkm+
ZWPKeMd21tSXA+eRUWvIOMIn+MeQ02d91qtw5DuM78xJ8bzET9g5rYIlVK7l
Y9bKtqGhWzeB4wARAQABwsBpBBgBCAATBQJYmHyZCRB280T6NNhJOAIbDAAK
CRB280T6NNhJOC0QB/0aR7OxMfoDeMsGWlw11WUInOgkQOHx5tLr2IjPd6i3
13TkND/Gvjy1yV1MzLGtqsd2lKjFG5wysbUaW8oj0hMUMlEgQMNZPUOEgnA7
t+VD4ZZr/ksuSCosnEOhC9yzbWD8DluGOeLTRaTnMS5s2cvaAO5tR+vI2Po/
RmdpQ8c31RS1asnyY9x3iZHVrrqqSJLqITXyqrXrLT2Z6r3jeQYCv9zSouIS
Iq+BZsCcet5N1/oMYcuXHOMQL99Ue756SsSKhB0ZeK6k8BdlnI3pHPBd+6hJ
2hAcTUKvVI1NFIbwY2iZFaok25N8ViTejwz4VaFvyND2jq+xUbyqKc0gyen5
=6uT5
-----END PGP PUBLIC KEY BLOCK-----</pre>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary modal-footer-closebutton" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<div id="foot">
<div class="container">
<div class="row">
<div class="col-md-3 location">
<p>
<img src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/protonvpn-white-transparent.svg" onerror="this.src='/assets/img/protonvpn-white-transparent.png'">
</p>
<p><strong>ProtonVPN AG</strong></p>
<p>Chemin du Pré-Fleuri, 3<br>
CH-1228 Plan-les-Ouates,<br>
Genève, Switzerland</p>
</div>
<div class="col-md-6"></div>
<div class="col-md-3">
<p class="hidden-lg-up">&nbsp;</p>
<h2 class="text-uppercase">Built with the Support of</h2>
<p>
<a href="https://protonmail.com/" target="_blank">
<img class="mail" src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/protonmail-white-transparent.svg" onerror="this.src='/assets/img/media/protonmail-white-transparent.png'" height="50">
</a>
</p>
<p>
<a href="http://www.fongit.ch/" target="_blank">
<img src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/fongit-logo.png" height="40">
</a>
</p>
</div>
</div>
</div>
</div>
<!-- Placed at the end of the document so the pages load faster -->
<script src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/bootstrap.js"></script>
<script src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/ie10-viewport-bug-workaround.js"></script>
<script type="text/javascript">
// Contact Modal
jQuery(".general-contact-modal").on("click", function() {
jQuery("body").toggleClass("show-modal");
return false;
});
jQuery(".contactModal .bg, .contactModal .close").on("click", function() {
jQuery("body").removeClass("show-modal");
return false;
});
jQuery(function() {
jQuery('#cat-nav .cat-item').addClass('btn btn-secondary');
jQuery('#cat-nav').show();
});
function homeExcerpts() {
jQuery('#front-posts .wrap .entry p').each(function() {
jQuery(this).attr('data-orig', jQuery(this).text());
});
}
var originalFeaturedExcerptText = jQuery('#post-featured div div.content > p').eq(0).text().slice(0, -3);
function featuredExcerptSize() {
// only for homepage
if (!jQuery('body.home').length) {
return;
}
// we need to hide text before getting the height.
jQuery('#post-featured div div.content > p').hide();
var featuredHeight = jQuery('.home #post-featured').outerHeight();
var featuredTitleHeight = jQuery('.home #post-featured h3').outerHeight();
var featuredLinkMeta = jQuery('#post-featured div small.meta').outerHeight();
var featuredLinkHeight = jQuery('#post-featured div div.text-center').outerHeight();
var padding = 70;
var excerptHeight = featuredHeight - (featuredTitleHeight + featuredLinkHeight + padding + featuredLinkMeta);
// console.log(featuredHeight, featuredTitleHeight, featuredLinkHeight, featuredLinkMeta, excerptHeight);
jQuery('#post-featured div div.content > p').show();
ellipsis(excerptHeight);
}
function ellipsis(number) {
if (number < 1) {
jQuery('#post-featured div div.content > p').text('');
} else {
// 40 characters = 26 height roughly.
var rows = number / 26;
var chars = rows * 40;
var text = originalFeaturedExcerptText;
text = text.substring(0, chars);
jQuery('#post-featured div div.content > p').text(text + '...');
}
}
// event listener
jQuery(window).on('load resize', function() {
homeExcerpts();
featuredExcerptSize();
});
</script>
<script type="text/javascript" src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/anti-spam-5.js"></script>
<script type="text/javascript" src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/functions.js"></script>
<script type="text/javascript" src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/comment-reply.js"></script>
<script type="text/javascript" src="Stay%20safe%20on%20ProtonVPN%20despite%20CVE-2019-14899%20-%20ProtonVPN%20Blog_files/wp-embed.js"></script>
</body></html>