According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), the virtual private network (VPN) services provided by some companies have security flaws that could allow an attacker to remotely enter a company’s internal network.
The cybersecurity area of the Department of Homeland Security issued an alert after the publication of a report by CERT/CC, a vulnerability disclosure center.
The report mentions that VPN applications from four different vendors (Pulse Secure, Cisco, F5 Networks, and Palo Alto Networks) erroneously store authentication tokens and session cookies on users’
It is worth mentioning that this kind of VPN service is not the one regularly used to hide browsing activity; it is implemented by a company’s IT staff to give remote workers access to the company’s network resources.
According to the cyber forensics course experts, the applications generate tokens from each user’s password and store them on the user’s computer to keep the user connected without having to enter the password again at every login. However, if these tokens are stolen by a threat actor, the attacker can access the account of the compromised user without having to get users’
In addition, if the attacker gains access to the compromised user’s computer in other ways (through malware, for example), it is possible to extract the tokens and use them to access the company’s networks with the same privileges as the victim, including company applications, systems and data.
The cyber forensics course expert mentioned that, until now, only Palo Alto Networks has confirmed that GlobalProtect, its enterprise VPN service, has some security vulnerabilities. The company has already released an update for its users on Microsoft and Apple platforms.
CERT specialists believe that many other VPN applications (maybe hundreds of these services) could present serious security flaws, although they note that further testing is needed to confirm this assumption.