CVE-2023-2754
Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP clientThe Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.
We have discovered 180 live websites that are affected by CVE-2023-2754.
Contact us to get more info
Affected Software
| |
---|
Product | Warp |
Category | Web Servers |
Vulnerable Versions | |
Total Vulnerable Versions | 38 |
Vulnerable Domains | 180 live websites (100.00% of Warp install base) |
Common Weakness Enumeration
CWE-319 Cleartext Transmission of Sensitive Information
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-2754 and the relative popularity of websites