VPN apps insecurely store session cookies in memory and log files

At least four VPN apps sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC).

Virtual private networks (VPNs) are affordable, easy to use, and a vital component in your system. Along with many security features, it ensure the user’s privacy and security. People use VPNs for several reasons, and one of the main reason is security and privacy, as it is used to create a secure, encrypted connection between your system and the server.

What if these VPNs are vulnerable to attackers? At least four VPN apps sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC).

The vulnerability was discovered by the researchers at National Defense ISAC and it was later published by CERT Coordination Center.

The National Defense ISAC Remote Access Working Group researchers discovered Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. The worst is, these session cookies are un-encrypted and can be easily accessed by the attackers. This vulnerability includes the names of top players in the security industry.

According to CERT Coordination Center, following products and versions store VPN authentication/session cookies insecurely in log files:

– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)

– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2

The following products and versions store the VPN authentication/session cookie insecurely in memory:

– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)

– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2

– Cisco AnyConnect 4.7.x and prior

Right after the vulnerability found, Palo Alto Networks confirmed it and released an update for both Windows and Mac.

F5 Networks Inc. has been aware of the insecure memory storage since 2013 and has not yet been patched for the following reasons. Not only this! they have been aware of the insecure log storage since 2017 and fixed it in version 12.1.3 and 13.1.0 and onwards.

About Cisco and Pulse Secure, No statement is currently available from the vendor regarding this vulnerability.

If these big names are vulnerable to attack, which VPN should we use?

Trust is the most important factor when it comes VPN providers. You must use a VPN that is more concerned about the privacy and security of its users. You can check the reviews and read about the provider records, market presence, users, ratings etc.

The need of VPNs is continuously increasing due to the cyberattacks, threats, data breaches and hacking. According to Global Market Insights Inc, the VPN market is set to hit $54 billion by 2024.

On the analysis of 100 VPN brands, VPNpro posted a detailed overview on the VPN market share which is based on publicly available information that puts NordVPN either ahead or poised to jump ahead of the competition in most marketing metrics.

The research also based on 7 most important metrics which includes branded search terms, interest, servers, presence etc. The infographic on this research can be seen here.

About the Author: Susan Alexandra

Susan Alexandra is an independent contributor at Securitytoday and Tripwire. She is a small business owner, traveler and investor of cryptocurrencies. Susan’s inbox is open for new ideas and stories, you can share the story idea to susanalexandra67@gmail.com

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – VPN, privacy)

[adrotate banner=”5″]

[adrotate banner=”13″]