Vuln affects Palo Alto Networks, Fortinet and Pulse Secure
Security flaws in three popular corporate VPNs could enable attackers to steal confidential information from a company’s network.
Researchers at Devcore claim to have discovered security flaws in three popular corporate VPNs that could enable attackers to steal confidential information from a company’s network.
The vulnerabilities affect three corporate virtual private network (VPN) providers: Palo Alto Networks, Fortinet and Pulse Secure.
VPNs are used to encrypt traffic between points on the internet, extending a private network across a public network. They are often used to enable staff working remotely to access resources on their organisation’s corporate network.
Usually, companies provide their staff with a corporate username and password that must be entered, along with a two-factor authentication code, before the VPN grants access to the company’s network.
But Orange Tsai and Meh Chang, the security researchers who discovered the bugs, claim that the flaws they unearthed could enable anyone to silently break into a company’s network without a username or password.
“A few SSL VPN vendors dominate the market. Therefore, if we find any vulnerability on these vendors, the impact is huge,” Tsai told TechCrunch, ahead of a presentation at the Black Hat USA event in August.
In an online post, the researchers described the format string flaw affecting Palo Alto’s GlobalProtect portal and GlobalProtect Gateway products.
The company quickly updated its software when it was informed about the security vulnerability, but said that the majority of staff were not using the Palo Alto VPN as a primary VPN.