Thursday 10 August 2023

Making the Cloudflare WARP VPN leak DNS requests

Cloudflare offers a free VPN client called Cloudflare WARP. I found that its Windows client can be tricked into leaking all DNS requests. The adversary can then spoof DNS responses and intercept nearly all traffic.

To exploit the vulnerability, the adversary needs to create a rogue Wi-Fi or Ethernet network that supports IPv6. When the local network supports IPv6, all DNS requests are leaked.

Why are DNS requests leaked?

When you enable the VPN tunnel, the Cloudflare WARP client will configure a local DNS server. This can be seen when executing ipconfig:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : fd01:db8:1111::2
   NetBIOS over Tcpip. . . . . . . . : Enabled

The idea is that the Cloudflare WARP client will act as a local DNS server. This local DNS server will perform the actual DNS requests in a secure manner. For IPv4, the special IP addresses and are configured as the DNS server. These IP addresses refer to the Windows computer itself (they're called loopback addresses). So when the network only supports IPv4, these loopback IP addresses are used for the DNS server, and all DNS requests are handled by the Cloudflare WARP client. The WARP client will then securely handle the DNS requests. So everything works as expected when using IPv4.

The Cloudflare WARP client also configures the IPv6 addresses fd01:db8:1111::2 and fd01:db8:1111::3 as DNS servers. When the local network supports IPv6, these addresses will be used. But these are not loopback addresses referring to the Windows machine itself! These special are Unique Local Addresses (ULAs). This means they behave the same as private IPv4 address of the form 192.168.x.y. In other words, these two IPv6 addresses represent random computers in the local network. They don't represent the Windows computer itself.

All combined, the Cloudflare WARP client is configuring two random IPv6 computers in the local network as DNS servers. Namely, the computers fd01:db8:1111::2 and fd01:db8:1111::3 are configured as DNS servers. So a rogue Wi-Fi network simply needs to advertise support for IPv6, assign itself the IPv6 address fd01:db8:1111::2, and then it will receive all DNS requests:

The leakage of DNS requests has a direct impact on the user's privacy: you can now see which websites the victim is visiting, which apps are being used, and so on.

But there's more: once the adversary can intercept DNS requests, they can also spoof DNS responses. And by doing so, the adversary can easily intercept nearly all IP-based traffic of the victim! For instance, if the victim is looking up the IP address of the adversary can return the IP address of their own server. When the victim now visits this website, all traffic will be sent to the adversary's server (and the adversary can forward it to the real server and back). If the website uses HTTPS then traffic is still protected, but the VPN itself is now completely bypassed, and all unprotected protocols can be subsequently attacked.

The severity was rated as High. This matches the CVSS score of 7.4: it doesn't require user interaction and has a high attack complexity. Intuitively, I would actually say it has a low attack complexity. But CVSS has the following example for high attack complexity: "The attacker must inject themselves into the logical network path [..] e.g., a man in the middle attack". And exploiting the vulnerability essentially requires a MitM position.

Another harder-to-exploit flaw

A second issue was that the Clouldflare WARP client only updated the DNS servers of the first two network interfaces. If you have more than two network interfaces, the DNS servers associated to these extra network interfaces didn't get changed. This means a rogue Wi-Fi network could assign itself as the DNS server, and if the victim has more than two network interfaces, Windows would use the adversary's Wi-Fi router as the DNS server! This happened even when the local network only supported IPv4.

Having multiple network interfaces can occur more often than you think. For instance, if the victim installed VirtualBox, then a virtual network interface is created and the attack becomes possible.

To patch this initial vulnerability, the Windows client was updated to assign the DNS servers and to all network interfaces. Interestingly, it was no longer assigning IPv6 addresses for the DNS server. So that patch, without us really realizing it yet, also prevented the above IPv6-based attack.

All combined, these two vulnerabilities were fixed in beta build 2023.5.170.1 which was made available on May 12, 2023. The first official release that included the fix was version 2023.7.7.0 which was released on July 7, 2023.


I first noticed the "multiple-interfaces DNS leakage" flaw and immediately reported that. While doing so, I already saw some weird IPv6 behavior, but I didn't have time to investigate it. Afterwards I also checked the IPv6 issue and also discovered this more impactful attack.

Finally, I'd like to thank Cloudflare for the smooth handling of this vulnerability and disclosure.