VPN server audit found no information leakage or logging of customer data

Submitted by Style Pass, 2022-06-22 17:30:06

We tasked the Gothenburg-based security consulting firm Assured AB with performing a security audit of our VPN infrastructure.

We invite you to read the final report of our second security audit on Mullvad’s VPN infrastructure, concluded in May 2022, with fixes deployed during early June 2022.

We are satisfied with the independent auditors' concluding statements, where they say that “…the configuration is sound and did not display signs of any direct customer information”, and “In summary; externally the deployments have quite a strong posture”.

Prior to the audit we deployed three (3) freshly installed VPN servers for this specific use case, meaning they were not being used by customers at the time Assured AB gained access. They audited two (2) WireGuard VPN servers (one (1) of which runs with no disks in use), and one (1) OpenVPN server.

To quote Assured AB: “This results in a potential privilege escalation vector which could allow an attacker with access to the promtail service account to obtain root access.”