If users log into the OpenVPN AS web interface using Firefox or IE and login then reboot and go back to the OpenVPN AS web interface using those browsers they are still logged in. Is this intended behavior? It doesn't seem as secure as most would like.
Repro steps
* Login to Windows
* Open Firefox
* Browse to https://vpn.companyname.com
* Enter Username/Password select Connect drop-down and click Go
* User is logged in and asked for their Google Authenticator code
* Restart Windows
* Open Firefox
* Browse to https://vpn.companyname.com
The user sees the logged in screen with "Connect" and "Logout" buttons as well as the option to download a client and a user-locked profile
We are NOT seeing this issue with Google Chrome - users are forced to login again after reboot.
web interface credentials surviving a reboot when using Firefox and IE
-
- OpenVpn Newbie
- Posts: 15
- Joined: Thu May 25, 2017 12:21 pm