Subscription check bypass of NordVPN service
Team Summary
Official summary from Nord Security
The reporter identified an issue in one of NordVPN's infrastructure backend services responsible for checking if the user has a valid subscription. Successful exploitation of this issue does not permanently grant lifetime access to the VPN services, nor does it affect the confidentiality or integrity of other users. To abuse this service, a user would have to perform the exploitation steps each time they wish to connect to the VPN service. We are aware that the exploitation of this service is a bit different on mobile applications; this is based on minor distinctions between applications' architectural decisions. Nonetheless, the root cause and impact (users can access the NordVPN service without an active subscription) are the same for all platforms.
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted:
Weakness: Improper Authorization