The Juniper protocol lacks a .vpn_close_session function; without logout, the
VPN cookie remains active and can be used to restart the session from an unrelated computer.
This is a security hazard, especially when passing around OpenConnect logs on the
mailing list for development and troubleshooting.
The Juniper protocol lacks a .vpn_close_session function; without logout, the
VPN cookie remains active and can be used to restart the session from an unrelated computer.
This is a security hazard, especially when passing around OpenConnect logs on the
mailing list for development and troubleshooting.
Patch is straightforward: http:// lists.infradead .org/pipermail/ openconnect- devel/2017- January/ 004161. html
(Ubuntu 16.04.1 LTS, openconnect v7.06)