Word of warning...latest CyberGhost update has DNS leak

CrowsEye

Note: I’m not here to trash a PIA competitor, but want to spread the word about what I consider a serious security issue that should be checked on any VPN.

I had been using CyberGhost VPN for the last few years. When I connect to the internet through any VPN I always check that the visible IP address is the one provided by the VPN and that others can only see the server DNS provided by the VPN (ie. no DNS leaks). I do these checks on dnsleaktest.com. A couple of days ago CyberGhost updated their app from CyberGhost 6 to Cyberghost 7. I installed the updated application and proceeded to connect to the internet through CyberGhost 7. When I checked the IP and DNS on dnsleaktest.com, the IP was fine but to my shock not only the CyberGhost server's DNS was visible but also my own internet provider! If you use a VPN, you are concerned about privacy when surfing the internet. If your internet provider's DNS is easily tracked, then so is your web browsing.
I contacted CyberGhost about this security flaw. Unfortunately, their response was to blame my browser, saying that I hadn't cleared the cache and hadn't set the privacy settings properly. This was BS! I did clear the Firefox cache and had settings to no tracking and no saving browsing history, I still had the older version of CyberGhost on my PC and when I connected to the internet through this previous version everything was fine: only CyberGhost IPs and DNS servers showed up when I did the DNS leak test. I told the CyberGhost CSR this a couple of days ago and am still awaiting a response. In the mean time, if you are concerned about privacy when surfing the internet or downloading torrents I would advise against using CyberGhost VPN or at least do not use the latest update...and always, always when using a VPN double check that the IP and DNS are only the ones provided by the VPN.

JackO

Why are you posting this here anyway?

wait...you are seeing both your VPN DNS address and your VPN public IP and they are different on a DNS leak test?

"....only CyberGhost IPs and DNS servers showed up when I did the DNS leak test."

Wait a second here. With a correct DNS leak test on VPN the only IP that should show up is your public VPN IP address. It should not be the VPN public IP AND the VPN service DNS servers, it should only be the VPN public IP.

"When I connect to the internet through any VPN I always check that the visible IP address is the one provided by the VPN and that others can only see the server DNS provided by the VPN (ie. no DNS leaks)"

"...I still had the older version of CyberGhost on my PC and when I connected to the internet through this previous version everything was fine: only CyberGhost IPs and DNS servers showed up when I did the DNS leak test. I told the CyberGhost CSR this a couple of days ago and am still awaiting a response."

Nope, that is not correct, that does not mean there is no dns leak. If you do not have a DNS leak the only IP that should be seen by others, including the dns leak test, is the VPN public IP assigned to your connection - others, including the DNS leak test, should not see "the server DNS provided by the VPN" at all even if it is the VPN service DNS. That's part of what preventing DNS leaks, and a DNS leak protection, does, it keeps your in use DNS from being exposed but according to what you wrote your DNS is being exposed even with the older version of CyberGhost. It does not matter if its your VPN service DNS or not. No! everything was not fine if "CyberGhost IPs and DNS servers showed up when I did the DNS leak test" - you had a DNS leak if the CyberGhost DNS servers AND the CyberGhost IP showed up on the DNS leak test. You have a DNS leak if you see any other IP other than the VPN public Ip assigned to you connection on the DNS leak test. If the IP showing on the DNS leak test is not the VPN public IP assigned to your connection and/or DNS servers show up also you have a DNS leak. if the IP showing up on the DNS leak test is the VPN public IP AND your DNS servers show up then you have a DNS leak.

The fact that your in use DNS was exposed in the DNS leak test does not mean you did not have a DNS leak because it was the CyberGhost DNS, it means you do and have had a DNS leak all this time even using that older version of CyberGhost even if your real IP was not disclosed. In other words the issue is not with CyberGhost, the issue is on your system. Maybe WebRTC enabled in the browser or your configuration which is why the CyberGhost response was clear the cache and set the privacy settings properly (disabling WebRTC is part of setting up the privacy aspect of your browser) and why CyberGhost did not jump all over your issue as there was no issue with their product as you described it and the common reasons for what you call a "security" issue here is what they told you do to.

"I had been using CyberGhost VPN for the last few years."

Based upon what you wrote, you have had a DNS leak for the last few years and thought it was normal operation. Your  "serious security issue" is not with CyberGhost, its with you.

The "serious security issue" you are disclosing is not a secret. Its a known issue on any VPN service, but its really not a security issue and is normal activity if there was not a VPN in use but it is an issue if the VPN is suppose to help your location stay unknown. This is why VPN services have 'DNS Leak prevention' available in their clients. But the effectiveness and use of that 'DNS Leak prevention' can be compromised by the users system or something else the user uses or is on the users system(e.g. browser, bit torrent client, old TAP adapters or older version of the VPN software, other VPN services software, some of the things people claim are 'security necessary' but really are not and can really screw you up, installing a new version of the VPN service software over the old version, etc.... ) and/or the user configuration.