CVE Catalog

CVE-2018-25368

High
Published: Translated: NVD NIST

Summary

Nord VPN version 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.

Risk Assessment

This vulnerability may lead to service downtime for the VPN, potentially impacting the security and privacy of users. Attackers could exploit this flaw to disrupt the application's functionality.

Recommendation

It is recommended to update Nord VPN to the latest version to mitigate this vulnerability. Additionally, implementing restrictions on the length of password inputs is advisable.

Original NVD description (English source)

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS