Linux client - Lack of certificate validation leading to RCE

Disclosed by
  • Program: CyberGhost
  • Disclosed date: about 1 year ago
  • Points: 40
  • Priority: P1 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)
Summary by CyberGhost

While mmmdspl initially submitted this vulnerability through our Vulnerability Disclosure Program, we immediately recognized the value of his research into our application and wanted to ensure he was rewarded for it, so we asked him to submit to our bug bounty program. We greatly appreciate his efforts to identify this remote code execution weakness in our Linux client application.

Summary by mmmdspl

The Linux client has two bugs: lack of certificate validation while connecting to the WireGuard-related API, and command injection. Together, a successful man-in-the-middle attack can result in code execution on a machine connecting to WireGuard.
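
The bug chain in the summaries above, seen from the fix side, as an added example that is not CyberGhost's code or part of the original report: a client that keeps TLS verification on and treats the API response as untrusted before any value reaches the `wg` command. The response field names (`public_key`, `endpoint`), the IPv4-only endpoint rule, the interface name and the sample values are assumptions constructed for illustration.

```python
import base64
import ipaddress
import ssl

def make_tls_context() -> ssl.SSLContext:
    # create_default_context() turns on chain verification and hostname checks;
    # the first bug class on this page is a client that runs without them.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def _is_wg_key(value) -> bool:
    # WireGuard keys are 32 bytes, base64-encoded to 44 characters.
    if not isinstance(value, str) or len(value) != 44:
        return False
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def validate_peer(resp: dict) -> dict:
    """Return a cleaned peer description or raise ValueError (hypothetical schema)."""
    if not _is_wg_key(resp.get("public_key")):
        raise ValueError("public_key is not a 32-byte base64 key")
    host, sep, port = str(resp.get("endpoint", "")).rpartition(":")
    if not (sep and port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("endpoint port is invalid")
    ip = ipaddress.IPv4Address(host)  # raises ValueError for anything but an IPv4 literal
    return {"public_key": resp["public_key"], "endpoint": f"{ip}:{int(port)}"}

def build_wg_argv(iface: str, peer: dict) -> list:
    # An argv list given to subprocess.run(argv) never passes through a shell,
    # so metacharacters in a value cannot start a second command.
    if not (iface.isascii() and iface.isalnum() and len(iface) <= 15):
        raise ValueError("interface name is invalid")
    return ["wg", "set", iface, "peer", peer["public_key"], "endpoint", peer["endpoint"]]

# Constructed API responses: one well-formed, two carrying shell metacharacters.
CONSTRUCTED_KEY = base64.b64encode(bytes(32)).decode()
CONSTRUCTED_GOOD = {"public_key": CONSTRUCTED_KEY, "endpoint": "203.0.113.7:51820"}
CONSTRUCTED_BAD = [
    {"public_key": CONSTRUCTED_KEY, "endpoint": "203.0.113.7:51820; touch /tmp/constructed"},
    {"public_key": "$(id)", "endpoint": "203.0.113.7:51820"},
]

if __name__ == "__main__":
    print(build_wg_argv("wg0", validate_peer(CONSTRUCTED_GOOD)))
```

Either control alone leaves half of the chain in place: verification stops the man-in-the-middle from supplying the response, and strict parsing plus argv invocation keeps a hostile response from becoming a command.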