ExpressVPN Removes Split-Tunneling Feature for Leaking DNS Requests

ExpressVPN Removes Break up-Tunneling Characteristic for Leaking DNS Requests


ExpressVPN has quickly disabled its split-tunneling function for a sure set of customers to repair a bug that is been exposing its customers’ DNS requests.

After being tipped off by CNET’s Attila Tomaschek, ExpressVPN launched an emergency replace to disable cut up tunneling whereas it labored on a repair.

“Though the problem is believed to contain lower than 1% of customers on a single app platform, Model 12 for Home windows, ExpressVPN rolled out an replace that disabled cut up tunneling on that platform totally, to reduce the potential ongoing danger to clients,” ExpressVPN says. “The function will stay deactivated whereas engineers examine and repair the issue.”

ExpressVPN’s cut up tunneling is meant to let the person designate what visitors ought to journey by way of the VPN’s encrypted connection and what visitors ought to journey outdoors of it. Nevertheless, all visitors was purported to be routed by way of ExpressVPN’s no-log DNS server, even when it wasn’t utilizing the VPN, to make sure person privateness.

The difficulty is that a number of the visitors wasn’t routed by way of ExpressVPN’s DNS server, exposing customers’ visitors to 3rd events, mostly their ISPs. In keeping with Bleeping Pc, the problem was launched in model 12.23.1 in Might 2022 and continued by way of model 12.72.0, which launched on Feb. 7, 2024. Which means the problem has been round for nearly two years.

Really helpful by Our Editors

ExpressVPN stated it may solely recreate the problem with a selected configuration. Break up tunneling needed to be energetic and the “Solely enable chosen apps to make use of the VPN” setting needed to be enabled. Not one of the different options, similar to encryption, have been affected by the problem.

Customers of Model 10 of the Home windows app, together with the apps on different platforms, are unaffected by the problem and may be capable to proceed utilizing ExpressVPN cut up tunneling with out situation. These on Model 12 who do not wish to forgo cut up tunneling can downgrade to Model 10; go to the app variations web page and choose Obtain Older Model.

Like What You are Studying?

Join SecurityWatch publication for our high privateness and safety tales delivered proper to your inbox.

This article could include promoting, offers, or affiliate hyperlinks. Subscribing to a publication signifies your consent to our Phrases of Use and Privateness Coverage. It’s possible you’ll unsubscribe from the newsletters at any time.


Supply hyperlink