Virtual private networking (VPN) apps are usually seen as a security- and privacy-enabling technology that helps many people across the globe browse the web freely. But Homeland Security believes that several enterprise VPN apps are vulnerable to attack.
Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an alert following a disclosure by the CERT Coordination Center at Carnegie Mellon University. The agency said that several VPN apps made by Cisco, Palo Alto Networks, F5 Networks, and Pulse Secure have critical vulnerabilities that put many of their users at risk of being targeted by hackers.
The agency said in its bulletin that enterprise VPN apps built by these four vendors store authentication tokens and session cookies on the user’s computer, where malware could access them and a malicious actor could then use them to gain access to the company’s network.
Of these companies, only Palo Alto Networks has acknowledged that its GlobalProtect app was vulnerable. It has also issued a patch for both Windows and Mac clients to fix the problem. The other vendors mentioned in the bulletin have not deployed patches. The agency believes that more apps could be suffering from such issues, and that extensive testing would be required to determine whether hundreds of them are at risk too.