Disable WPAD now or have your accounts and private data compromised

The Web Proxy Auto-Discovery Protocol (WPAD), enabled by default on Windows and supported by other operating systems, can expose computer users’ online accounts, web searches and other private data, security researchers warn.

Man-in-the-middle attackers can abuse the WPAD protocol to hijack people’s online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections, said Alex Chapman and Paul Stone, researchers with U.K.-based Context Information Security, duringthe DEF CON security conference this week.

WPAD is a protocol, developed in 1999 by people from Microsoft and other technology companies, that allows computers to automatically discover which web proxy they should use. The proxy is defined in a JavaScript file called a proxy auto-config (PAC) file.

The location of PAC files can be discovered via WPAD in several ways: Through a special Dynamic Host Configuration Protocol (DHCP) option, through local Domain Name System (DNS) lookups or through Link-Local Multicast Name Resolution (LLMNR).

Source link

Leave a Comment