bleepingcomputer[.]com/news/security/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address/
An Atlas VPN zero-day vulnerability affecting the Linux client leaks a user's real IP address simply by visiting a website.
A Reddit user named 'Educational-Map-8145' published a PoC exploit on Reddit that abuses the Atlas VPN Linux API to reveal a user's real IP addresses.This PoC creates a hidden form that is automatically submitted by JavaScript to connect to the http://127.0.0.1:8076/connection/stop API endpoint URL.
When this API endpoint is accessed, it automatically terminates any active Atlas VPN sessions that hide a user's IP address.
Once the VPN connection is disconnected, the PoC will connect to the api.ipify.org URL to log the visitor's actual IP address.
This is a severe privacy breach for any VPN user as it exposes their approximate physical location and actual IP address, allowing them to be tracked and nullifying one of the core reasons for using a VPN provider.
Given the critical nature of this zero-day vulnerability, which remains exploitable until a patch is released, Atlas VPN Linux client users are strongly advised to take immediate precautions, including considering an alternative VPN solution.