SonicWall VPN flaw could allow hackers to hijack your sessions, so patch now
Posted by:
John Harrison
A critical vulnerability in SonicWall VPN has been discovered by Bishop Fox, allowing threat actors to bypass authentication and hijack sessions, potentially accessing sensitive networks. The flaw, tracked as CVE-2024-53704, was deemed critical and affected thousands of vulnerable endpoints. SonicWall urged immediate application of a fix to address the Improper Authentication bug in SSLVPN authentication mechanism. Security researchers presented a proof-of-concept demonstrating the exploitation method, involving sending a custom-built session cookie with null bytes to the authentication endpoint, granting unauthorized access to the session. This development highlights the urgency for users to apply patches promptly to protect against potential cyber threats.
Recent Posts1
