Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday April 14 2019, @12:33PM   Printer-friendly
from the good-luck,-I'm-behind-7-vpns dept.

CERT Vulnerability Note VU#192371 released this week describes a vulnerability due to insecure Cookie or Authentication Token storage (in memory or log files) of several common VPNs. The vulnerability allows attackers able to either access an endpoint, or exfiltrate data from it, to replay sessions bypassing other authentication methods, thus gaining access to any resources the user can access through the VPN session.

Vulnerable vendors include

    CISCO - "will incorporate this feedback into discussions for future design improvements of the Cisco AnyConnect VPN Solution"
    F5 Networks, Inc - fixed it in version 12.1.3 and 13.1.0 and onwards
    Palo Alto Networks - fixed in GlobalProtect Agent 4.1.1 and later for Windows, and GlobalProtect Agent 4.1.11 and later for macOS.
    Pulse Secure - no statement yet

Known unaffected VPN vendors

    Check Point Software Technologies
    LANCOM Systems GMBH
    pfSense

(Information is not yet available on an additional 230 vendors)


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by Anonymous Coward on Sunday April 14 2019, @01:48PM (3 children)

    by Anonymous Coward on Sunday April 14 2019, @01:48PM (#829363)

    I started to use pfSense very long time ago, by only curiosity. And must admit, it was an initiator which in a span of couple years actually made me wanting FreeBSD on all of my network equipment, including servers and lately, even desktops. For pure technical reasons, like uptime robustness or ipv6 stack quality, or a true filesystem, not because of any ideology. So it came to pass, I used to use all kinds of Linux contraptions for 17 years in total, but now none of them.

    (disclaimer: my 18cm beard is now a serious BSD bias indicator)

    Starting Score:    0  points
    Moderation   +5  
       Insightful=1, Interesting=3, Funny=1, Total=5
    Extra 'Interesting' Modifier   0  

    Total Score:   5  
  • (Score: 0) by Anonymous Coward on Sunday April 14 2019, @02:30PM (1 child)

    by Anonymous Coward on Sunday April 14 2019, @02:30PM (#829373)

    I also prefer *BSD, and always have even from the 'net' days, but video drivers is a killer. Forces many of us into Linux-land.

    • (Score: -1, Offtopic) by Anonymous Coward on Sunday April 14 2019, @02:34PM

      by Anonymous Coward on Sunday April 14 2019, @02:34PM (#829375)

      test response

  • (Score: 4, Interesting) by crafoo on Sunday April 14 2019, @02:55PM

    by crafoo (6639) on Sunday April 14 2019, @02:55PM (#829379)

    yep, pfsense is pretty nice. I got into it about the same way - tried it out on a router. No issues with it for years, and it has VPN setup as well as DNS and a few other nice features configured. FreeNAS is pretty decent too and is BSD. I tried a few desktop BSD distributions and they seem alright, but the video situation is not that great as you mentioned. I have another little box with SVN and some random web server stuff on it too. One thing I really like - the BSD documentation is pretty good.