In April 2019, the United States’ CERT Coordination Center released information about vulnerabilities affecting various Virtual Private Network (VPN) applications. These applications provide access to VPNs — networks that exist over a public network while, at the same time, have some of the properties of a private network. VPN networks often provide their users with cryptographic encryption, traffic and session authentication and a separation of a private IP realm from a public IP realm.
The purpose of this article is to discuss the VPN vulnerabilities found by the U.S. CERT Coordination Center and provide recommendations to system administrators on how they can identify and eliminate such vulnerabilities.
An overview of the VPN vulnerabilities found by the CERT Coordination Center
The CERT Coordination Center divides the identified VPN vulnerabilities into two categories: vulnerabilities related to insecurely storing cookies in log files and vulnerabilities related to insecurely storing cookies in memory.
Certain versions of the software GlobalProtect Agent include both types of vulnerabilities. According to the CERT Coordination Center, those versions “may allow an attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.” (Source.) Certain versions of the software Pulse Secure Pulse Desktop Client and Network Connect also include both types of vulnerabilities. Those versions allow attackers to access session tokens to replay and spoof sessions, thus gaining unauthorized access as end users.
The vulnerabilities mentioned above clearly indicate that VPN are not bulletproof security solutions. Dark Reading quoted Amy Herzog, field CSO at Pivotal on the subject: “As with the firewalls of a couple of decades ago, VPNs are just one part of a company’s security posture. CISOs and CSOs should ensure their VPN use is as secure as possible, (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/NGDfr7cim6k/