Sharing connection information could be a problem among users of the same VPN server without proper protection, researchers have found. Corporate VPN servers in particular are vulnerable to the flaw.