VPN apps found insecurely storing session cookies
Recently, a few researchers with the National Defense ISAC Remote Access Working Group found that several VPN applications were insecurely storing authentication information and session cookies in their memory logs and files.
Attackers could easily replay the sessions stored by the VPNs and bypass other authentication methods to access the same apps used by the victims.
Researchers said the Palo Alto Networks GlobalProtect product prior to version 4.1.0 (CVE-2019-15373) and the Pulse Secure Connect Secure product prior to version 8.1R14, 8.2, 8.3R6, and 9.0R2 stored the cookie insecurely in log files.
The products said to have the vulnerability are the Palo Alto Networks GlobalProtect product prior to version 4.1, the Pulse Secure Connect Secure product prior to version 8.1R14, 8.2, 8.3R6, and 9.0R2 (CVE-2019-1573), and the Cisco AnyConnect product version 4.7.x.
Researchers advised that users affected by the vulnerability should update their systems immediately to eliminate it.