OpenConnect does not properly logout from Juniper VPNs
Bug #1655279 reported by Dan Lenski
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openconnect (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
The Juniper protocol lacks a .vpn_close_session function; without logout, the VPN cookie remains active and can be used to restart the session from an unrelated computer.
This is a security hazard, especially when passing around OpenConnect logs on the mailing list for development and troubleshooting.
Patch is straightforward: http://
(Ubuntu 16.04.1 LTS, openconnect v7.06)
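As an added illustration of the log-sharing hazard described in this report (not part of the report or of OpenConnect's code), the sketch below scrubs session cookie values from a log before it is posted. It assumes the Juniper session cookie is named `DSID`; the function names and the sample log lines are constructed for this example. Redaction only protects the shared log, and the session still has to be closed on the server by a proper logout.

```python
import hashlib
import re

# Assumption: DSID is the Juniper session cookie; extend the tuple as needed.
SENSITIVE_COOKIES = ("DSID",)

# Matches NAME=value up to the next ';', whitespace or quote.
# The lookahead skips values that were already redacted, so reruns are no-ops.
COOKIE_RE = re.compile(
    r"\b(" + "|".join(map(re.escape, SENSITIVE_COOKIES)) + r")"
    r"=(?!<redacted:)([^;\s'\"]+)"
)


def fingerprint(value):
    """Replace a cookie value with a short SHA-256 tag.

    The tag lets readers see that two lines carry the same cookie
    without exposing a value that could be replayed.
    """
    digest = hashlib.sha256(value.encode("utf-8")).hexdigest()
    return "<redacted:" + digest[:8] + ">"


def redact_line(line):
    """Return (scrubbed_line, number_of_values_replaced)."""
    return COOKIE_RE.subn(
        lambda m: m.group(1) + "=" + fingerprint(m.group(2)), line
    )


def redact_log(text):
    """Scrub every line of a log; return (scrubbed_text, total_replaced)."""
    out, total = [], 0
    for line in text.splitlines():
        scrubbed, n = redact_line(line)
        out.append(scrubbed)
        total += n
    return "\n".join(out), total


# Constructed sample input, not real OpenConnect output.
SAMPLE_LOG = """\
< Set-Cookie: DSID=0123456789abcdef0123456789abcdef; path=/; secure
> Cookie: DSID=0123456789abcdef0123456789abcdef; DSFirstAccess=1484000000
Connected as 10.0.0.5, using SSL
"""

if __name__ == "__main__":
    scrubbed, count = redact_log(SAMPLE_LOG)
    print(scrubbed)
    print("values redacted:", count)
```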
Changed in openconnect (Ubuntu):
status: New → Confirmed
The attachment "juniper_logout.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]