Multiple Enterprise VPN Apps Allow Attackers to Bypass Authentication



Enterprise VPN applications developed by Palo Alto Networks, Pulse Secure, Cisco, and F5 Networks are storing authentication and session cookies insecurely according to a DHS/CISA alert and a vulnerability note issued by CERT/CC, potentially allowing attackers to bypass authentication. […]

Source:: BleepingComputer