US-CERT, CISA Warn of Vuln in at Least 4 Major VPNs

US-CERT, CISA Warn of Vuln in at Least 4 Major VPNs

At least four major vendors could be enabling attackers to do the very thing VPNs are made to protect against.

The Cybersecurity and Infrastructure Security Agency issued a warning today after US-CERT reported that multiple VPN vendors store authentication and/or session cookies insecurely in memory and/or log files.

“If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods,” the US-CERT advisory states. “An attacker would then have access to the same applications that the user does through their VPN session.”

US-CERT confirmed that Cisco, Palo Alto Networks, F5 Networks and Pulse Secure products are affected by this . However, the issue is repaired in the latest versions of Palo Alto’s products and partly fixed in F5’s.


Leave a Reply