CVE-2018-25368
HighSummary
Nord VPN version 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.
Risk Assessment
This vulnerability may lead to service downtime for the VPN, potentially impacting the security and privacy of users. Attackers could exploit this flaw to disrupt the application's functionality.
Recommendation
It is recommended to update Nord VPN to the latest version to mitigate this vulnerability. Additionally, implementing restrictions on the length of password inputs is advisable.
Original NVD description (English source)
Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.

