Android VPN Configuration Bypass Secure Data Communication Redirection Weakness
Local Access Required,
Mobile Phone / Hand-held Device
Attack Type Unknown
Loss of Confidentiality
Android contains a flaw that is during the handling of a specially crafted application. This may allow a local attacker to bypass a secure virtual private network (VPN) connection and redirect potentially sensitive cleartext information to a location they control.
We are not currently aware of a solution for this vulnerability.