"Palo Alto Networks Closes Door on TunnelCrack"

Palo Alto Networks has responded to researchers' TunnelCrack Virtual Private Network (VPN) eavesdropping technique demonstrated earlier in August. According to the study, most VPNs could be tricked into leaking traffic. They described two vulnerabilities, one of which enabled traffic to leak on the VPN client side (LocalNet) and the other on the server side (ServerIP). Palo Alto Networks has now issued an advisory noting that the vulnerabilities are product- and configuration-specific. The company says its GlobalProtect agent deployments on iOS, Android, and ChromeOS are not vulnerable to LocalNet attacks. In addition, all platforms running GlobalProtect are safe if they are configured with no direct access to the local network. This article continues to discuss Palo Alto Networks' response to the TunnelCrack VPN eavesdropping technique. 

iTnews reports "Palo Alto Networks Closes Door on TunnelCrack"