The CERT Coordination Center released an alert that several leading enterprise VPNs insecurely store session cookies insecurely in memory.
An attacker could exploit this vulnerability to take control of the company’s internal network.
Virtual Private Network (VPNs) are used to create a secure connection with another network over the internet.
The vulnerability found in the leading enterprise VPN apps that includes Cisco, Palo Alto Networks, Pulse Secure, and F5 Networks.
To keep the user session active the VPN apps generate token’s based on the user’s password and store in the computer to avoid having them to re-enter the password again.
But if the attacker gains persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods.
An attacker would then have access to the same applications that the user does through their VPN session,” reads US-CERT advisory.
Out of the 4 affected apps, F5 Networks and Palo Alto Networks released a security update. With F5 the vulnerability is fixed in version 12.1.3 and 13.1.0 onwards. Palo Alto Networks GlobalProtect version 4.1.1 patches this vulnerability.
This vulnerability can be tracked as CVE-2019-1573, Checkpoint and
Cloudflare Launched Warp – A New Free VPN Service for iOS and Android Users
OpenVPN – Google Cloud Allowing Remote users to Connect to Your Corporate Network & Apps over VPN