Vulnerability Alert: Multiple Virtual Private Network (VPN) applications are storing cookies insecurely

At SandStorm IT, we try to keep you up to date on the latest in tech news. This is especially true when the case is a potential vulnerability that could affect your business. A recent report from Carnegie Mellon University’s Software Engineering Institute is warning of an issue with multiple Virtual Private Network applications that could potentially allow an attacker access to your session data and cookies. It’s worth mentioning that if you have a SonicWALL firewall solution from SandStorm IT, this issue doesn’t affect the SonicWALL line of products (NetExtender).

Description of the issue from the report:

“Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.

CWE-311: Missing Encryption of Sensitive Data
The following products and versions store the cookie insecurely in log files:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2

The following products and versions store the cookie insecurely in memory:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
– Cisco AnyConnect 4.7.x and prior

It is likely that this configuration is generic to additional VPN applications. If you believe that your organization is vulnerable, please contact CERT/CC at cert@cert.org with the affected products, version numbers, patch information, and self-assigned CVE.”

Affected Software:

• Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
• Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
• Cisco AnyConnect 4.7.x and prior

What is happening?

An attacker can bypass your VPN’s authentication methods and gain access to your VPN protected resources.

What can I do?

While this sounds bad, it’s worth mentioning that not ALL Virtual Private Network applications are affected, only a few. If you are using any of these VPN applications, please update your software to patch this vulnerability. As you know, simply maintaining the patches can go a long way in IT security.

If you have any questions regarding firewalls, VPN’s or any other networking questions, feel free to contact SandStorm IT at 901-475-0275. SandStorm IT recommends and sells SonicWALL firewalls, which are not affected by this vulnerability.