A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. This issue affects only firmware version SonicOS 7.1.1-7040.Ĭurl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedĪn improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |