VPN | Everything you must to know about Virtual Private Network

-

VPN stands for virtual private network or private communication network, Which is the most secure 🔐 ,method of connecting a computer to a private network .

with the help of public network, Such as the internet. It create a virtual tunnel through which the data travels from one computer to the other over the internet. Due to this , an attacker gets the way to use the remote client to relay attacks through the VPN tunnel.

In this blog you will learn about the following vulnerabilities of VPN.

Tech Worthy Mind

∆ Insecure storage of authentication credentials by VPN client

∆ VPN fingerprinting

∆ Username enumeration vulnerabilities

∆ Ofline password 🔑 cracking

∆ Lack of account lockout

∆ Denial of service (DOS) attacks

∆ Configuration vulnerabilities of VPN


Insecure Storage of Authentication Credentials by VPN Clients

VPN client program store some or all of the authentication credentials, such as username and password, to identify and authenticate a user on the network. Although this setting makes the VPN easier to use ,it also introduce security risks. especially if the credentials are not well protected. The common client issues that have been seen in VPN are as follows:

• Storing the username unencrypted in a file or registry

• Storing the password in a scrambled form

• Storing the plain-text password in memory

• Storing file permissions as credentials


VPN Fingerprinting

There are various methods, such as User Datagram Protocol (UDP) back-off fingerprinting and vender 🆔 identity Fingerprinting, through which VPN server can be fingerprinted. This gives the useful information to potential attackers.


Username Enumeration Vulnerabilities

The most basic security requirement of a username/password authentication scheme is that the incorrect login information should not reveal the information about incorrect credentials (username or password) because this would allow an attacker to conclude whether a given username is valid or not. In VPN if user credentials are incorrect , it will inform the user ( attacker) whether the entered username is valid or not.

The three common faults that are found in the way the VPN server respond to the user are as follows:

• Some VPN server only respond to the client which has the valid username

• Some VPN server respond with a notification message, such as no-proposal chosen, if the username is incorrect

• Some VPN respond to both valid and invalid username, but in the situation , the invalid username hash payload is calculated using a null password, and it is difficult for the client to determine this.


Virtual Private Network

Offline Password cracking

In VPN, an attacker can use the valid username with the internet key Exchange (IKE) aggressive mode to obtain a hase form the VPN server . After obtaining the hash, the attacker can use it to crack the associative password. This method of obtaining password is known as offline password cracking.


Lack of Account Lockout

When there are some instances of incorrect login attempt , an OS usually locks the account . However, serveral VPN implementation do not support this and allow an unlimited number of login attempts.


Denial of Service Attacks

Dos refers to the attack in which an attacker prevent the intended user from accessing the resources. There are two type of DoS vulnerabilities that have been observed on VPN server.

•Malware packet DoS

•Resource exhaustion DoS


Firewall :-how-to-secure-your-computer















Comments

Post a Comment

DON'T COMMENT LINK.

Popular posts from this blog

Remove Tools From Termux | How can I reopen the installed tool in termux? | TECH WORTHY MIND

-
Image
In this Termux tutorial we will learn how to remove tool in termux, how to uninstall any tool in termux and how can i reopen the install tool in termux. By follow some simple steps you can easily uninstall any tool in termux. Termux is a application in which you can easily install the different commands which perform hacking like Zispher command etc. How to delete tool from termux some useful steps which mention below follow all steps to uninstall tool in termux Open your android terminal emulator (Termux) Type command $ cd and press enter. Type $ ls command, after that all the tools which previously installed in you termux will display. Type command $ rm -rf toolName and press enter then successful your tool delete from termux. How can I reopen the installed tool in termux  Simply open your termux and type $ cd and press enter. In second step type command $ ls After that write $ cd toolname and enter. In the last step enter $ bash toolname.sh In this way you can successfully switc...
Read more

Best 250+ termux hacking tools

-
Image
 In this blog, we will discuss some famous hacking tools used in termux by professional ethical hackers. As we all know that hacking is illegal without the permission of the victim, but on other hand, a good knowledge of hacking help us in various field of the internet to understand how can we avoid hacking. Here list of best 8+ tools that help to perform several attacks on the webserver, etc and use in penetrating testing and more. For Android users to understand hacking, Termux is the best app which help us to perform hacking by install some hacking tool in the termux. Nowadays for Android termux is the most recommended tool by ethical hackers and also it helps in penetrating testing. One does not have to have a good knowledge of hacking to use this app. Anyone can use the termux to investigate how hacking perform. There are numerous tools are present on the internet and sometimes they confuse us, don't worry in this article, after deep discover I am presenting a list of all best...
Read more

How To Hack Wifi | Hack Wifi Password | TECH WORTH MIND

-
Image
  How to hack wifi password and how to hack wifi using termux. By follow some simple steps you can easily hack wifi. Open your termux app and paste all command one by one. Hacking How to hack wifi password using Termux 100% working ,how to hack wifi password on android phone without app. useful steps-: 1- pkg update 2- pkg upgrade 3- pkg install python 4- pkg install python2 5- pkg install git 6- pkg install requests 7- pkg install mechanize 8- git clone https://github.com/king-hacking/ King-Hacking 9- cd King-Hacking 10- bash King-Tools.sh         ffffff
Read more