The Department of Homeland Security has issued a warning that VPN packages from several enterprises including Cisco, Palo Alto, F5 and Pulse may improperly store authentication tokens and session cookies on user computers. Thus, attackers can exploit this vulnerability to take control of an affected system.

The vulnerability note written by Carnegie Mellon University’s Madison Oliver says that “If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods. An attacker would then have access to the same applications that the user does through their VPN session.”

According to the CERT warning, the following products and versions store the cookie insecurely in log files:

The following products and versions store the cookie insecurely in log files:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2

The following products and versions store the cookie insecurely in memory:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
– Cisco AnyConnect 4.7.x and prior

Palo Alto Networks has confirmed its GlobalProtect app was vulnerable and has issued a patch, TechCrunch notes. Cisco and Pulse Secure have not, and F5 is advising users to use a one-time password or two-factor authentication instead of password-based authentication.

Security Tips:

If you want to use the internet privately and securely with a VPN, you can consider ExpressVPN which is #1 trusted leader in VPN industry. This VPN is based in the British Virgin Island and it keeps no logs of your online activities. It offers a large network of 3,000+ VPN servers in 160 VPN server locations in 94 countries, with unlimited bandwidth and unlimited server switches. ExpressVPN has all the advanced features you’d expect from the top VPN, including Split tunneling, Kill switch, DNS/IPv6 leak protection, 256-bit AES encryption and more. Torrenting is allowed on all ExpressVPN servers, and it usually has a handful of servers that work with Netflix. ExpressVPN is offering a huge discount now. Starting with just $6.67 a month, one can save 49% and get an extra 3 months free to enjoy unlimited VPN access and 100% safe browsing experience. 

Published by Michael Myn & last updated on April 28, 2019 4:35 am

Leave a Reply

Your email address will not be published. Required fields are marked *