Hi
You may have heard of Friday’s announcement (April 11th 2019) from the United States Department of Homeland Security, warning of a security bug in several of the leading enterprise virtual private network security applications.
www.us-cert.gov/ncas/current-activity/2 ... plications
www.kb.cert.org/vuls/id/192371/
Does this affect to the SoftEther VPN?
Regards,
About Recent VPN vulnerabilities announcement from CISA.
-
- Posts: 6
- Joined: Tue Apr 16, 2019 6:33 pm
-
- Posts: 1
- Joined: Wed Apr 17, 2019 8:21 pm
Affected by vulnerability?
Is Softether affected by this vulnerability?
"On Thursday, April 11, researchers from the Carnegie Mellon University Software Engineering Institute published a global vulnerability regarding virtual private network (VPN) applications storing authentication and/or session cookies insecurely in memory and/or log files."
Articles:
https://www.kb.cert.org/vuls/id/192371/
https://securityaffairs.co/wordpress/83 ... flaws.html
"On Thursday, April 11, researchers from the Carnegie Mellon University Software Engineering Institute published a global vulnerability regarding virtual private network (VPN) applications storing authentication and/or session cookies insecurely in memory and/or log files."
Articles:
https://www.kb.cert.org/vuls/id/192371/
https://securityaffairs.co/wordpress/83 ... flaws.html
-
- Site Admin
- Posts: 2078
- Joined: Sat Mar 09, 2013 5:37 am
Re: About Recent VPN vulnerabilities announcement from CISA.
Not exactly the same, but there may be similar problem.
Session keys are stored in the VPN Server log, so anyone who can access the VPN server log can hijack the session.
Session keys are stored in the VPN Server log, so anyone who can access the VPN server log can hijack the session.