Researchers with National Defense ISAC Remote Access Working Group discovered multiple Virtual Private Networks (VPN) applications were insecurely storing authentication and/or session cookies in memory logs and files.
The vulnerability would allow an attacker to replay the session and bypass other authentication methods and ultimately grant them access to the same applications as the user through their VPN session, according to an April 11 security notice.
Researchers said Palo Alto Networks GlobalProtect product prior to version4.1.0 (CVE-2019-15373) and Pulse Secure Connect Secure product prior to version 8.1R14, 8.2, 8.3R6, and 9.0R2 stored the cookie insecurely in log files.
Palo Alto Networks GlobalProtect product prior to version 4.1, Pulse Secure Connect Secure product prior to version 8.1R14, 8.2, 8.3R6, and 9.0R2 (CVE-2019-1573), and Cisco AnyConnect product version 4.7.x and prior were found to have stored the cookie insecurely in memory.
Researchers said its likely that the configuration is generic to additional VPN applications and that those affected should update their affected systems immediately to patch the vulnerability.
