
Security researchers Orange Tsai and Meh Chang have found several vulnerabilities in popular business VPN services. The flaws can be abused to covertly break into corporate networks and steal business secrets.

The vulnerabilities were found in the services of three major business VPN providers: Palo Alto Networks, Pulse Secure and Fortinet. According to the researchers, who shared their findings with TechCrunch, the flaws are also easy to exploit remotely.

The VPNs of the three providers are used by employees to work remotely. To enable remote working, employees often need access to resources on the network. The VPN services make that possible.

Usually, employees have to enter their corporate login details, as well as a two-step verification code. The connection runs over SSL, which creates a secure tunnel between the user’s computer and the business network.


Tsai and Chang argue, however, that the flaws they found allow anyone to secretly enter a business network, without the need for working login details.

“We were able to compromise the VPN server and the corporate intranet without the need for authentication,” says Tsai. “We could also compromise all VPN clients and steal all the victims’ secrets.”

The researchers argue that in Palo Alto's case, a simple format string error (in which, for example, entered text is not properly understood by the server) is enough to cause the service to crash.


The researchers contacted Palo Alto Networks. The company initially said that the flaws had already been found internally, and made no public statement about them. After Tsai and Chang published a blog post with their findings, an advisory was published. The flaws have now been fixed.

Fortinet has also released advisories for the flaws in its service. In addition, the company has released new firmware to fix them. System administrators are therefore advised to update their vulnerable gateways to the latest version.

Finally, Pulse Secure’s Chief Marketing Officer Scott Gordon states that the company has notified its customers of the vulnerability and an available patch.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.