CVE-2018-25368

Description

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application crash when attempting to authenticate.

References

• https://nordvpn.com/download/
• https://www.exploit-db.com/exploits/45304
• https://www.vulncheck.com/advisories/nord-vpn-denial-of-service-via-password-field