At Black Hat 2018, a researcher named Ahamed Nafeez discovered a compression vulnerability in OpenVPN tunnels. The vulnerability, named Voracle, would allow an attacker to use a padding oracle attack to decrypt OpenVPN traffic.
How Does the Voracle Vulnerability Work?
A few things are required for the compression vulnerability to be effective in decrypting OpenVPN traffic: a VPN with compression enabled, a vulnerable browser (the attack worked with Firefox in Nafeez’s tests), and an attacker with the ability to redirect a user to a malicious website. The redirection could come in the form of DNS poisoning, phishing links, malicious ads, or other redirection techniques.
Once a user is redirected to the malicious site, the session cookie can be broken and the attacker can decompress and recover the data inside the VPN tunnel. Depending on the sites visited while the VPN is active, whether HTTPS or HTTP, either basic information like metadata with timestamps can be taken, or a full stream of information can be taken through unencrypted sites.
TorGuard’s Solution to Voracle Vulnerability
By disabling compression on our VPN servers, we prevent the Voracle vulnerability from being exploitable. As of right now, users don’t need to update the TorGuard VPN app to receive this change, since we have disabled compression on all connections made by all of our VPN apps.
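
One way to check an OpenVPN configuration for the setting this attack depends on, as an added example that is not TorGuard's code: the script flags the `comp-lzo`, `compress` and `allow-compression` directives when they turn compression on, including when a server pushes them to clients. The sample configuration is constructed and the function names are hypothetical.

```python
import shlex

# Algorithms that make the "compress" directive actually compress payloads.
COMPRESSING = {"lzo", "lz4", "lz4-v2"}


def classify(tokens):
    """Return a finding for one directive, or None if it does not compress."""
    if not tokens:
        return None
    name, args = tokens[0], tokens[1:]
    if name == "comp-lzo":
        # Bare comp-lzo defaults to adaptive; only "no" leaves data uncompressed.
        mode = args[0] if args else "adaptive"
        return None if mode == "no" else f"comp-lzo {mode} enables LZO compression"
    if name == "compress":
        # Bare "compress" and the stub variants enable framing only.
        if args and args[0] in COMPRESSING:
            return f"compress {args[0]} enables compression"
        return None
    if name == "allow-compression" and args and args[0] == "yes":
        return "allow-compression yes permits sending compressed packets"
    return None


def audit_openvpn_config(text):
    """Return (line_number, finding) pairs for compression-enabling directives."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # both characters start a comment
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes: not a directive we can judge
            continue
        pushed = len(tokens) > 1 and tokens[0] == "push"
        if pushed:  # push "compress lz4-v2" carries the directive in one string
            tokens = tokens[1].split()
        reason = classify(tokens)
        if reason:
            findings.append((lineno, ("pushed to clients: " if pushed else "") + reason))
    return findings


# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONFIG = """\
# constructed sample
port 1194
proto udp
;comp-lzo
comp-lzo adaptive
compress stub-v2
push "compress lz4-v2"
comp-lzo no
"""

if __name__ == "__main__":
    for lineno, finding in audit_openvpn_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```

An empty result means no directive in the file enables compression; `comp-lzo no` and the stub modes keep the compression framing on the wire but send data uncompressed.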