This document outlines the conditions under which an SSLVPN User Domain configuration is considered vulnerable or not vulnerable in relation to the primary LDAP domain when an additional Active Directory UPN suffix is used. It also references CVE-2024-12802 and the updated PSIRT Advisory SNWLID-2025-0001, which provides the essential mitigation steps.
CVE-2024-12802: This vulnerability allows an attacker to bypass MFA in SonicWall SSL-VPN by exploiting the separate handling of UPN and SAM account names in Microsoft Active Directory integration. This can result in an authentication mismatch, permitting unauthorized access.
Updated SonicWall Advisory: An MFA bypass in SonicWall SSL-VPN can arise in specific cases because UPN (User Principal Name) and SAM (Security Account Manager) account names are handled separately when integrated with Microsoft Active Directory. This allows MFA to be configured independently for each login method and potentially enables attackers to bypass MFA by exploiting the alternative account name.
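As an added example (not code from SonicWall or the advisory), the following Python audit resolves each login name to a single Active Directory identity and reports identities whose MFA setting differs between the UPN and SAM forms. The AD extract, the per-login MFA records and their layout are constructed assumptions, not a firewall export format.

```python
from collections import defaultdict

# Constructed AD extract: (sAMAccountName, userPrincipalName).
AD_USERS = [
    ("jdoe", "john.doe@example.com"),       # additional UPN suffix
    ("asmith", "asmith@corp.example.com"),  # primary domain suffix
    ("bwong", "b.wong@example.com"),
]

# Constructed per-login-name MFA settings (hypothetical layout).
VPN_USERS = [
    ("jdoe", True),
    ("john.doe@example.com", False),
    ("CORP\\asmith", True),
    ("asmith@corp.example.com", True),
    ("B.Wong@Example.com", True),
    ("ghost@example.com", False),
]

def canonical_sam(login, ad_users):
    """Resolve a UPN, DOMAIN\\sam or bare SAM login to one lowercase SAM name."""
    upn_to_sam = {upn.lower(): sam.lower() for sam, upn in ad_users}
    sams = {sam.lower() for sam, _ in ad_users}
    name = login.strip().lower()
    if "@" in name:                      # UPN form: look up by full UPN
        return upn_to_sam.get(name)
    name = name.rsplit("\\", 1)[-1]      # drop an optional DOMAIN\ prefix
    return name if name in sams else None

def audit_mfa(vpn_users, ad_users):
    """Return (mismatches, unresolved) for the given per-login MFA records."""
    by_identity = defaultdict(list)
    unresolved = []
    for login, mfa in vpn_users:
        sam = canonical_sam(login, ad_users)
        if sam is None:
            unresolved.append(login)     # record with no matching AD account
        else:
            by_identity[sam].append((login, mfa))
    # An identity is inconsistent when its login names disagree on MFA.
    mismatches = {sam: recs for sam, recs in by_identity.items()
                  if len({mfa for _, mfa in recs}) > 1}
    return mismatches, unresolved

if __name__ == "__main__":
    mismatches, unresolved = audit_mfa(VPN_USERS, AD_USERS)
    for sam, recs in mismatches.items():
        print(f"MFA differs across login names for {sam}: {recs}")
    print("Not resolvable in AD extract:", unresolved)
```

Records that cannot be resolved are returned separately so they can be reviewed by hand rather than silently treated as consistent.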

NOTE: For mitigation steps, please refer to the updated PSIRT advisory here: SNWLID-2025-0001