Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

What does this mean exactly?

Overflow2021Overflow2021 Newbie ✭
in SSL VPN
Was there a credential leak? Just a brute force vulnerability?

IMPORTANT: SonicWall strongly advises that customers using GEN5 and GEN6 firewalls with SSLVPN users who have locally managed accounts immediately update their passwords to enhance security and prevent unauthorized access. Users can change their passwords if the "User must change password" option is enabled on their account. Administrators must manually enable the "User must change password" option for each local account to ensure this critical security measure is enforced.
Category: SSL VPN
Reply
Tagged:

Answers

  • ArkwrightArkwright Community Legend ✭✭✭✭✭

    It is quite specifically worded, isn't it? Whether your users have local accounts or are served by RADIUS/LDAP/whatever, whatever generation of firewall, then they should have strong passwords in any case, right?

    So, like you, this suggests to me a credential leak in some specific versions of SonicOS.

  • Overflow2021Overflow2021 Newbie ✭
    Thanks for the reply!

    Do you work for Sonicwall?

    My question still stands.
  • MarkDMarkD Cybersecurity Overlord ✭✭✭

    The CVE is published for this

    Security Advisory (sonicwall.com)

    Revision History

    • Version
    • 1.0
    • Date
    • 22-Aug-2024
    • Description
    • Initial Release.
    • ---------------------------------------
    • Version
    • 1.1
    • Date
    • 23-Aug-2024
    • Description
    • Update - Adjusted CVSS Score to reflect intermittent availability impact.
    • ---------------------------------------
    • Version
    • 1.2
    • Date
    • 28-Aug-2024
    • Description
    • Added Comments - IMPORTANT: SonicWall strongly advises SSLVPN users with local accounts should change their passwords and enable MFA.

Sign In or Register to comment.