Nord Security, the company behind NordVPN and other products, requested a comprehensive security audit of NordVPN applications, add-ons, web services, and APIs in June 2022. The audit was conducted by Cure53, a German company specializing in security audits.
Cure53 was tasked with performing penetration testing and source code audits against “NordVPN servers, infrastructure, and NordVPN desktop applications for Windows, Linux, and macOS.” The audit ran from July 2022 to October 2022 and was divided into three work packages.
Comment: Bitwarden, maker of the password management service, also today posted the results of a security audit of Bitwarden by Cure53.
NordVPN has published the results of the audit on the official company website, where interested users find two Cure53 reports.
The researchers identified a total of 6 vulnerabilities and 17 miscellaneous issues with “low exploitability.” While the number of items identified appears large, Cure53 notes that the scope of the audit was also large, as it included the applications, extensions, infrastructure, source code, and web services that NordVPN operates.
NordVPN fixed all security issues identified by the researchers during the audit. Cure53 reviewed the patches and confirmed that NordVPN implemented the mitigations correctly.
NordVPN: Major Security Issues
One issue received a critical rating and two received a high rating. The critical issue affected the NordVPN daemon on Linux systems: the researchers observed that it embedded “an environment variable of a foreign process in the command line” used to send desktop notifications on KDE and GNOME systems.
The first high-rated issue affected NordVPN on macOS. The privileged VPN Assistant writes logs to user-owned file locations; an attacker with user privileges could exploit this with a symlink to “write log entries to any root-owned file”.
The third issue, also rated high, again affected NordVPN on macOS; an attacker could use it to load arbitrary extensions. The remaining security issues received a severity rating of medium or low.
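As an added illustration of the macOS log-file issue described above (this is not code from the Cure53 report or from NordVPN), the following Python shows why a privileged writer must not follow a symlink in a user-controlled location, and how opening with O_NOFOLLOW and checking the opened descriptor with fstat() refuses the redirect. The file names and the whole scenario are constructed for the demo.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

def open_log_nofollow(path: str, expected_uid: Optional[int] = None):
    """Open a log for appending without following a symlink (POSIX only).

    O_NOFOLLOW makes os.open() fail with ELOOP when the last path component
    is a symlink, so a planted link cannot steer a privileged writer onto a
    root-owned file; fstat() then checks the descriptor actually opened."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError(f"{path}: not a regular file")
        if expected_uid is not None and st.st_uid != expected_uid:
            raise OSError(f"{path}: owner uid {st.st_uid} != {expected_uid}")
    except OSError:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")

def demo() -> dict:
    """Constructed scenario: a symlink with the log's name points at a file the writer must never touch."""
    with tempfile.TemporaryDirectory() as workdir:
        protected = Path(workdir, "protected.conf")
        protected.write_text("original\n")
        link = Path(workdir, "app.log")
        link.symlink_to(protected)  # stands in for the planted link
        # Naive writer: plain open() follows the link and appends to the target.
        with open(link, "a") as f:
            f.write("log entry\n")
        naive_target_contents = protected.read_text()
        # Hardened writer: refuses the symlink instead of following it.
        try:
            open_log_nofollow(str(link))
            refused = False
        except OSError:
            refused = True
        # Hardened writer on a genuine regular file behaves normally.
        real_log = Path(workdir, "real.log")
        with open_log_nofollow(str(real_log), expected_uid=os.getuid()) as f:
            f.write("log entry\n")
        real_log_contents = real_log.read_text()
    return {"naive_target_contents": naive_target_contents,
            "refused_symlink": refused, "real_log_contents": real_log_contents}
```

The stronger fix is for a privileged component to log only to directories it owns; the O_NOFOLLOW check is the fallback when a path cannot be trusted.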
Other findings
Cure53 provides a comprehensive commentary on its findings in the report. The findings include additional information on the applications, code, and infrastructure analyzed during the audit.
The researchers found several areas in which default configurations had been left in place. For example, the Docker configuration relied on several defaults that the researchers deemed insecure.
NordVPN has since addressed these issues, so they should no longer be considered a potential security risk.
Concluding words
NordVPN is a popular VPN service that is available in most regions. Third-party audits are performed to identify and fix potential issues, but companies also use them to improve transparency and trust.
Internet users may be more willing to trust a service that is regularly audited by third parties than one that has never been audited.
Now you: Do you use a VPN?