It’s been more than a week since the public release of the HeartBleed bug and its exploits. Most of the websites, that were confirmed to have this vulnerability were able to fix this issue; but not all of them.
The Le VPN Security team discovered today that six VPN providers are still vulnerable to HeartBleed:
VPNFreeWay.net (https://filippo.io/Heartbleed/#vpndiscount.net and https://filippo.io/Heartbleed/#vpnfreeway.net)
This means that an attacker is able to gain full access to their web servers and steal sensible information. Moreover, this vulnerability can lead to the exposure of their VPN servers’ SSL certificates, which can make their clients’ VPN tunnel vulnerable to a Man in the Middle Attack.
We hope that this won’t lead to any unwanted disclosure of information related to clients of the aforementioned VPNs, and we also hope that these issues will be fixed ASAP.
We are trying to contact these providers to help them fix this issue.
We remind you that Le VPN was not vulnerable to HeartBleed, and you can rest assured when using Le VPN that it is now, and always has been, a secure service.
The following providers confirmed that they’ve fixed the vulnerability:
Le VPN Spring Special
Get Le VPN 2-year plan for $69.60 or $2.90/month