2017-01-10 09:28:32 |
Dan Lenski |
description |
The Juniper protocol lacks a .vpn_close_session function; without logout, the
VPN cookie remains active and can be used to restart the session from an unrelated computer.
This is a security hazard, especially when passing around OpenConnect logs on the
mailing list for development and troubleshooting.
Patch is straightforward: http://lists.infradead.org/pipermail/openconnect-devel/2017-January/004161.html
(Ubuntu 16.04.1 LTS, openconnect v7.06) |
The Juniper protocol lacks a .vpn_close_session function; without logout, the VPN cookie remains active and can be used to restart the session from an unrelated computer.
This is a security hazard, especially when passing around OpenConnect logs on the mailing list for development and troubleshooting.
Patch is straightforward: http://lists.infradead.org/pipermail/openconnect-devel/2017-January/004161.html
(Ubuntu 16.04.1 LTS, openconnect v7.06) |
|