Some VPN Applications Insecurely Store Session Cookies

Enterprise & IT | Apr 17, 2019

The CERT Coordination Center (CERT/CC) with the US Department of Homeland Security (DHS) has issued a warning of a newly discovered vulnerability affecting possibly hundreds of Virtual Private Network (VPN) applications.
Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. However, multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files, according to the CERT/CC Vulnerability Note VU#192371.

According to CERT, the following products and versions store the cookie insecurely in log files and memory, but it is likely that this configuration is generic to additional VPN applications:

- Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS (CVE-2019-1573)
- Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
- Cisco AnyConnect 4.7.x and prior

If an attacker has persistent access to a VPN user's endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods. An attacker would then have access to the same applications that the user does through their VPN session.

If you are using any of the affected VPN products, make sure to update them:

  • Palo Alto Networks GlobalProtect Agent version 4.1.1 and later for Windows and GlobalProtect Agent version 4.1.11 and later for macOS patch this vulnerability.
  • Pulse Secure: see advisory SA44114 - 2019-04: Out-of-Cycle Advisory: Pulse Desktop Client and Network Connect improper handling of session cookies (CVE-2016-8201).
  • No patch for Cisco AnyConnect is known at the time of publishing.
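
For the log-file half of the problem described above, a defender can audit client log text for cookie headers that carry token-like values. The following is an added example, not code from CERT/CC or any of the vendors; the log format and the `SESSID` cookie name are hypothetical, and the sample lines are constructed.

```python
import hashlib
import math
import re
from collections import Counter

# Cookie / Set-Cookie headers as they might appear in a debug log line.
HEADER_RE = re.compile(r"\b(?:Set-)?Cookie:\s*(?P<body>[^\r\n]+)", re.IGNORECASE)
PAIR_RE = re.compile(r"(?P<name>[A-Za-z0-9_.-]+)=(?P<value>[^;\s]+)")
# Cookie attributes that carry no secret.
ATTRS = {"path", "domain", "expires", "max-age", "samesite"}

# Constructed sample log; the format and the SESSID cookie name are hypothetical.
SAMPLE_LOG = [
    "2019-04-17 10:02:09 INFO  tunnel: connecting to gateway vpn.example.test",
    "2019-04-17 10:02:11 DEBUG http: Set-Cookie: SESSID=9f3a7c21e4b85d06a1f2c3d4e5b6a798; path=/; secure",
    "2019-04-17 10:02:11 DEBUG http: Cookie: lang=en; SESSID=9f3a7c21e4b85d06a1f2c3d4e5b6a798",
    "2019-04-17 10:02:12 INFO  tunnel: established",
]

def shannon_entropy(s):
    """Bits per character; random session tokens score high, words score low."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_logged_cookies(lines, min_len=16, min_entropy=3.0):
    """Return one finding per token-like cookie value, never the value itself."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for header in HEADER_RE.finditer(line):
            for pair in PAIR_RE.finditer(header.group("body")):
                name, value = pair.group("name"), pair.group("value")
                if name.lower() in ATTRS or len(value) < min_len:
                    continue
                if shannon_entropy(value) < min_entropy:
                    continue
                findings.append({
                    "line": lineno,
                    "cookie": name,
                    "length": len(value),
                    # Fingerprint correlates repeats without copying the secret.
                    "sha256_prefix": hashlib.sha256(value.encode()).hexdigest()[:12],
                })
    return findings

if __name__ == "__main__":
    for finding in find_logged_cookies(SAMPLE_LOG):
        print(finding)
```

A finding means the log file itself should be treated as a credential store: restrict its permissions, lower the client's log level, and invalidate the session on the gateway.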
