Your IP:
Your Location:
Your Status:
VeePN Blog VeePN Blog
  • Apps
    • All Apps
    • Windows
    • Mac
    • Linux
    • iOS
    • Android
    • Smart TV
    • Fire TV
    • Andriod TV
    • Apple TV
    • Router
    • Xbox
    • PlayStation
    • Chrome
    • Firefox
    • Edge
  • Features
    • All Features
    • VPN Servers
    • Double VPN
    • No Log VPN
    • Kill Switch
    • NetGuard
    • Extra Features
  • What is VPN?
    • How does a VPN work?
    • Access Content
    • Unblock Websites
    • VPN for Gaming
    • Streaming Media
    • Streaming Music
    • VPN for Netflix
    • Internet Privacy
    • Anonymous IP
    • Conceal Identity
    • Prevent Tracking
    • Save Money
    • Online Security
    • VPN Encryption
    • What’s my IP
    • Hide your IP
  • Pricing
  • Help
Get VeePN
Digital identity Safe surfing Mobile security Wireless security Big brother
More categories
Good to know Online threats Entertainment Hackerwatch Cryptocurrency
Digital identity Safe surfing
More
Mobile security Wireless security Big brother Good to know Online threats Entertainment Hackerwatch Cryptocurrency
Digital identity Safe surfing Mobile security Wireless security Big brother Good to know Online threats Entertainment Hackerwatch Cryptocurrency
Search
Blog Safe surfing

VeePN Browser Extensions: Results from Independent Audit about Robust Security

Conspiracy
March 23, 2023
Safe surfing
3 min read

Secure your digital life with VeePN

  • Privacy on any Wi-Fi
  • Unlimited bandwidth
  • One account, 10 devices
  • 2 500+ servers in 89 locations
Get VeePN Now

General Information about Audit

VeePN covers more than 2500 servers and 50 locations. It intends to provide an exclusive connection speed. It enables you to surf the Internet effortlessly. There is no need to worry about bandwidth limits. VeePN makes every effort to ensure you have the fastest Internet experience.

VeePN wants to say that it is proud to present the results. VeePN Corp. requested to carry out a security assessment in February 2021 and then was quickly scheduled. A white-box approach was selected for this assessment. This enables a maximum possible breadth and depth of coverage. A team of two senior testers was provided by Cure53 to carry out an assessment. Cure53 was granted access to the uncompressed sources of Chrome and Firefox extensions with all other necessary information, test user accounts, etc.

Preparation for Assessment

VeePN Corp. performed all the needed preparations the week before the assessment to provide a smooth start for the Cure53 testing team. The process moved forward at a good pace. Communication was carried in an allotted and shared Slack channel which connected the workspaces of VeePN Corp. and Cure53. Noteworthy roadblocks were not discovered during the test.

Results of Test

The Cure53 team reported only three security-relevant discoveries. Two of them can be classified as security vulnerabilities, and the third is simply a general weakness with lower exploitation potential. One of the discoveries was given a “High score” because it led to a classic information leak in the Squid proxy error page. This is the most widespread discovery for VPN and proxy software setups.

Recommendations to Remove the Identified Vulnerabilities

For the “User-information leaked in Squid default error page” vulnerability, it is advised to modify the generic Squid error page and remove all user-related information.

For the “Auto-Protect feature bypass via domain trimming” vulnerability, it is advised to remove the code path. This guarantees that the WebExtension tunnels the domain, which was added by the user.

For the “XSS in pop-ups via server status code” vulnerability, it is advised to replace the innerHTML property with a secure option like innerText. This enables the display of the error to the user without risking displaying unintended HTML tags.

Note that all vulnerabilities were addressed and fixed during the assessment.

Brief Conclusion

The general impression about Firefox and Google Chrome VeePN WebExtension is very positive. All issues reported via Slack were immediately addressed by the VeePN team. All the fixes have been verified. The low number of findings means that the Cure53 team can conclude this project (carried out in spring 2021) with excellent outcomes for the VeePN Corp.

VeePN Corp. wants to thank Cure53 for their assessment and pleasant collaboration. Both Cure53 and VeePN teams carried excellent project coordination, support, and assistance before and during the assessment.

The VeePN Browser Extension is in the proper direction concerning its security design. The most widespread browser proxy mistakes have been successfully shunned with the help of good design and implementation decisions. WebExtensions can be regarded as an advantage of a strong security model.

Knowledge is power, VeePN is freedom
Get VeePN Now
30-day money-back guarantee
Keep your personal data private.
Protect yourself with VeePN
Get VeePN Now Learn More
Written by Conspiracy
Related Posts
Am I Being Throttled? How Сan I Stop This Right Now?
Am I Being Throttled? How Сan I Stop This Right Now?
Good to know 8 min read

Am I Being Throttled? How Сan I Stop This Right Now?

Imagine you’re surfing the web, streaming your favorite Netflix show, or playing an online game. Then, all of a sudden, your Internet speed becomes terribly slow. Is there any problem with your router, or maybe your neighbors are piggybacking your connection? Could be, but there is another common reason for poor online speed known as Internet throttling. Keep reading to find out how to check if you’re being throttled by your Internet service provider (ISP) and what you can do to stop them.

VeePN Research Lab
March 31
What Is OpenVPN and Should You Use It?
What Is OpenVPN and Should You Use It?
Good to know 9 min read

What Is OpenVPN and Should You Use It?

You may have bumped into this term when searching for a VPN app for your needs. But if you’re more into virtual private networks, you probably know that OpenVPN is not exactly a VPN service (although it does have a client app). Instead, it’s one of the most powerful and stable VPN protocols. But what does it do, and should you use it? To answer these questions, we must dive a bit deeper into some tech details. Keep reading to learn all you should know about OpenVPN, explained in simple terms.

VeePN Research Lab
March 31
VPN Not Connecting? Here are Simple Steps to Fix It
VPN Not Connecting? Here are Simple Steps to Fix It
Good to know 7 min read

VPN Not Connecting? Here are Simple Steps to Fix It

Your VPN not working can be a pain in the neck. An intimidating one. But fear not — you don’t need to be super tech-savvy to solve it yourself. We’ve got a list of simple fixes you can try. Whether you’re using outdated software, have a weak Internet connection, or are using the wrong login credentials, we’ve got you covered. 

So, let’s get started and get your VPN up and running. 

VeePN Research Lab
March 30
© 2023 VeePN. All Rights Reserved.