Main Vulnerability Database SB2019010601

SB2019010601 - Information disclosure in OpenConnect VPN client

Published: January 6, 2019 Updated: May 25, 2020

Security Bulletin ID SB2019010601

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cleartext storage of sensitive information (CVE-ID: CVE-2018-20319)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to OpenConnect VPN client stores credentials in an insecure manner in memory. A local user can read credentials from memory in plain text.

Remediation

Install update from vendor's website.

References

https://labs.nettitude.com/blog/why-you-should-always-have-two-factor-authentication-on-your-vpn-cve-2018-20319/
http://www.infradead.org/openconnect/changelog.html