When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The flaw is found in Secure Client, and is described as carriage return line feed injection vulnerability.
Individual hosts and services behind the VPN headend would still need additional credentials for successful access."
TheHackerNewsexplained that the vulnerability stemmed from insufficient validation of user-supplied input.
Hackers could use the flaw to trick potential victims into clicking a custom-tailored link while establishing a VPN session.
All the victims need to do is visit a website under the attackers control.
