Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 29 subscribers
  • Views 895 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Are SSLVPN passwords compromised?

francis Soen

I have my XG230 SSLVPN's authenticated via my AD server sitting behind the firewall.  Now I know I can see the users on the Authentication--> Users page.  Theoretically, the users' passwords are not actually stored on the firewall itself, correct?  So this SQL injection attack should not have been able to access the users' passwords, correct?  Or is that still to be determined?



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    At this time, there is no indication that the attack accessed anything on the local networks behind any impacted XG Firewall. It appears the attack was designed to download payloads intended to exfiltrate XG Firewall-resident data.

    The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access. Passwords associated with external authentication systems such as AD or LDAP are unaffected.

    We are continuing to investigate and expect to release more details of the attack. Please follow https://community.sophos.com/kb/en-us/135412 for further updates.

Reply
  • 0

    Hi  

    At this time, there is no indication that the attack accessed anything on the local networks behind any impacted XG Firewall. It appears the attack was designed to download payloads intended to exfiltrate XG Firewall-resident data.

    The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access. Passwords associated with external authentication systems such as AD or LDAP are unaffected.

    We are continuing to investigate and expect to release more details of the attack. Please follow https://community.sophos.com/kb/en-us/135412 for further updates.

Children