On Thursday, April 11, researchers from the Carnegie Mellon University Software Engineering Institute published details of a global vulnerability in which virtual private network (VPN) applications store authentication and/or session cookies insecurely in memory and/or log files.
At this time, SonicWall is not aware of any situation where a currently valid session token is written to log files outside of very specific debug configurations, which are being eliminated as a precaution to prevent any potential misuse.
As such, SonicWall customers using IPsec VPN clients (e.g., Global VPN Client) or SSL-VPN clients (e.g., Connect Tunnel, NetExtender, Mobile Connect) in their default non-debug mode are not affected.
It should be noted that storage of the session cookie within VPN client process memory, during an active session, is not considered unwarranted exposure. By design, values within the session cookie are required to maintain session operation if re-establishment is required due to network interruption. In such a scenario, all session material stored by the clients is destroyed once the session is terminated.
We will communicate future updates for this vulnerability via SonicWall Security Advisory SNWLID-2019-0005.