Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SMAConnectAgent exposes Username/Password in SSO Bookmarks

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

today a customer reported that Username and Passwort got exposed in cleartext in the SMAConnectAgent log on each endpoint. This behavior is fixed with SMA Firmware 10.2.0.3 which brings SMAConnectAgent 1.1.33.

It happens when connecting to a Bookmark with SSO enabled and needs the SMAConnectAgent running, like Native RDP Bookmark.

Most of you probably already updated, but the Log File might be still on the endpoint, you should check and remove it.

C:\ProgramData\sonicwall\SMAConnectAgent

Sorry if this is old news, but I wasn't paying enough attention, maybe so do you.

--Michael@BWC

Category: Secure Mobile Access Appliances
Reply
Sign In or Register to comment.