VPN Applications Unencrypted Store of Session Cookies Vulnerability

Release Date: 12 / 04 / 2019
Last Update: 12 / 04 / 2019
Criticality Level:  

A vulnerability was identified in VPN applications, a remote attacker could exploit this vulnerability to trigger spoofing, disclose sensitive information and bypass security restriction on the targeted system.

  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Palo Alto Networks GlobalProtect Agent 4.1.0 and prior versions
  • Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
  • Cisco AnyConnect 4.7.x and prior versions

Before installation of the software, please visit the software manufacturer web-site for more details.


  • The vendor has issued a fix for Palo Alto Application (Palo Alto Networks GlobalProtect version 4.1.1)
  • Notes: No patch is currently available for Cisco product and Pulse Secure product.