Tag

#mfa

2 posts tagged #mfa.

Analysis · May 25, 2026 · Colten Anderson

SonicWall patched CVE-2024-12802 and left the bug in place on Gen6

The firmware update closes the code path but does not rewrite the LDAP config the exploit actually uses. On Gen6, that distinction is the whole vulnerability.
Analysis · May 20, 2026 · Colten Anderson

A 2020 bug leaked VPN passwords. The orgs that survived had MFA.

CVE-2020-3259 lets an unauthenticated attacker read Cisco ASA memory, sometimes including VPN credentials in cleartext. Akira ransomware used it for initial access years after the patch. The control that turned a leaked password into a non-event was multi-factor authentication.