PT-2019-5065 · Google+4 · Android+5

Beau Kujath +2 · Published 2019-12-05 · Updated 2026-04-20 · CVE-2019-14899

CVSS v3.1: 7.4 (High)

Vector: AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux (affected versions not specified)
FreeBSD (affected versions not specified)
OpenBSD (affected versions not specified)
MacOS (affected versions not specified)
iOS (affected versions not specified)
Android (affected versions not specified)

Description

A vulnerability was discovered that allows a malicious access point or an adjacent user to determine whether a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use. This provides everything an attacker needs to hijack active connections inside the VPN tunnel. The issue affects Linux, FreeBSD, OpenBSD, Android, macOS, and iOS, among other Unix-like systems. Enabling the reverse path filtering mechanism (rp_filter) in strict mode for IPv4 can neutralize the problem.

Recommendations

For Linux, consider enabling the rp_filter mechanism in strict mode for IPv4 to mitigate the issue. For the other affected systems, there is currently no information about a newer version that contains a fix for this vulnerability.
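
To check the Linux recommendation above on a host, the following added example (not part of the original advisory) audits the effective IPv4 rp_filter mode per interface. It relies on the kernel using the maximum of `conf.all` and `conf.<iface>` for source validation; the helper name `rp_filter_audit` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples in `sysctl -a` format (not taken from a real host).
SAMPLE_MIXED='net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.wlan0.rp_filter = 0
net.ipv4.conf.tun0.rp_filter = 2'

# conf.all = 2 (loose) overrides a per-interface 1, because the kernel
# validates with max(conf.all, conf.<iface>).
SAMPLE_ALL_LOOSE='net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.eth0.rp_filter = 1'

# rp_filter_audit (hypothetical helper): reads sysctl lines on stdin, prints
# "<iface> <effective value> <mode>" per interface, and returns 1 if any
# interface is not effectively in strict mode (value 1).
rp_filter_audit() {
    sort | awk -F'[ =]+' '
        $1 ~ /^net\.ipv4\.conf\..+\.rp_filter$/ {
            name = $1
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.rp_filter$/, "", name)
            if (!(name in val)) order[n++] = name
            val[name] = $2 + 0
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            bad = 0
            for (k = 0; k < n; k++) {
                i = order[k]
                if (i == "all" || i == "default") continue
                eff = (val[i] > all) ? val[i] : all
                mode = "off"
                if (eff == 1) mode = "strict"
                if (eff == 2) mode = "loose"
                if (eff != 1) bad = 1
                print i, eff, mode
            }
            exit bad
        }'
}

# Demo on the constructed samples; on a live host use:
#   sysctl -a 2>/dev/null | rp_filter_audit
printf '%s\n' "$SAMPLE_MIXED" | rp_filter_audit || echo "=> not all strict"
printf '%s\n' "$SAMPLE_ALL_LOOSE" | rp_filter_audit || echo "=> not all strict"
```

An interface reported as `loose` or `off` is not covered by the strict-mode mitigation, even if its own per-interface value is 1.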

Weakness Enumeration

Related Identifiers

BDU:2020-01707
CVE-2019-14899

Affected Products

Android
FreeBSD
Linux
Apple macOS
OpenBSD
iOS