Fear not the “Port Fail” security flaw when using FrootVPN: It’s as secure as ever

Just recently, a security issue on VPNs was revealed. The flaw was described as “a simple port forwarding trick” discovered by the researchers of a certain VPN service provider. It’s a bug that could enable hackers to expose the real IP address of a victim, which could pose a huge security risk for VPN users.

It is a serious vulnerability affecting VPN service providers with port-forwarding services, also called the “Port Fail.”

“We have discovered a vulnerability in a number of providers that allows an attacker to expose the real IP address of a victim,” explains the company who revealed the said security flaw. “Port Fail” affects VPN service providers that offer port forwarding and have no protection against this specific attack.” The flaw affects all VPN protocols across any operating system.

According to the report from BGR.com, as long as an attacker and a regular VPN user employ the same service, the trick can be exploited. The IP address of the victim can be discovered by forwarding traffic on a particular port.

The attacker needs to meet the following requirements to be able to do the trick:

  • Has an active account at the same VPN provider as the victim
  • Knows victim’s VPN exit IP address (can be obtained by various means, e.g. IRC or torrent client or by making the victim visit a website under the attacker’s control)
  • The attacker sets up port forwarding. It makes no difference whether the victim has port forwarding activated or not.

If you’re asking whether the VPN service provider FrootVPN is prone to this security flaw, then fear not. FrootVPN is never prone to this “Port Fail.”

FrootVPN is not affected by this recent security flaw as incoming traffic to the VPN endpoint of users is never allowed, ensuring the highest security possible.

The people behind this best VPN service are all aware of the said vulnerability long time before the news came out, so they’ve kept the service ultra secure, truly living up to its name.

As additional security, FrootVPN offers no NAT (stands for Network Address Translation), a router feature. Port forwarding, the feature commonly found on VPN service providers which is vulnerable to the security flaw, is an application of NAT. The VPN service of FrootVPN wants to ensure that there will be no third-party intervention in any way, to provide complete security and anonymity to all its satisfied users.

  • Eltham Jones

    i recently signed up to FrootVPN, and installed two server configurations; a UK and US proxy. A day or two later I left my machine (a 2009 iMac running El Cap) connected to the US server overnight. When I came down in the morning there was an alert from my network filter (Little Snitch) “Apple screensharingd.bundle wants to accept incoming connections from to port 5900 (rfb)” I denied the connection and assigned a permanent rule blocking incoming connections for this daemon. The IP address led to a location in the Seychelles, presumably another proxy. This seems to me to be an intrusion attempt. I’ve never experienced this kind of alert before and wonder why this should have happened while connected to a VPN tunnel? Next I ran GRC’s Shields Up!. My computer failed and showed responses on port 0 and ports 1024 upwards. when I run the same test outside of the VPN my internet visibility passes with a 100% “true stealth”. Any ideas on this?

  • Alexander Burov


    And what if I want some ports to be opened for me? In particular, 20 and 21 for incoming FTP and 22 for sshd, and some else for bittorrent.