Homeland Security Warns of Security Gaps in Business VPN Applications – TechCrunch




Several enterprise VPN applications are exposed to a security bug that can allow an attacker to remotely penetrate a company's internal network, according to a warning issued by the Homeland Security Cybersecurity Division.

The government's Cybersecurity and Infrastructure Security Agency on Friday issued an alert following a public disclosure by CERT/CC, the vulnerability disclosure center at Carnegie Mellon University.

VPN applications created by four vendors – Cisco, Palo Alto Networks, Pulse Secure, and F5 Networks – incorrectly store authentication tokens and session cookies on a user's computer. These are not the traditional consumer VPN applications used to protect your privacy, but enterprise VPN applications that are typically deployed by a company's IT staff to allow remote workers to access corporate network resources.

The apps generate tokens from a user's password and store them on the user's computer to keep the user connected without having to re-enter the password each time. But if they are stolen, these tokens can allow access to that user's account without needing the password.

With access to a user's computer – for example, via malicious software – an attacker could steal these tokens and use them to access a company's network with the same level of access as the user. This includes applications, systems, and company data.

So far, only Palo Alto Networks has confirmed that its GlobalProtect application is vulnerable. The company has released a patch for its Windows and Mac clients.

Neither Cisco nor Pulse Secure has updated their applications. F5 Networks is said to have known about the storage issue since at least 2013, but advised users to implement two-factor authentication instead of publishing a patch.

CERT warned that hundreds of other applications could be affected, but said additional testing was needed.
