SonicWall SSL-VPN Multi-Factor Authentication Bypass Vulnerability

Vulnerability

A vulnerability allowing bypass of multi-factor authentication (MFA) has been identified in SonicWall SSL-VPN. The issue arises because, when integrated with Microsoft Active Directory, the SSL-VPN treats the User Principal Name (UPN) and the Security Account Manager (SAM) account name of the same account as distinct login identities. Because MFA can be configured separately for each of these login forms, an attacker who knows the alternative account name can log in with the form for which MFA is not enforced, bypassing MFA.
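The defensive counterpart to the discrepancy described above is to key MFA policy on a single canonical identity rather than on the raw login string, and to audit any per-login-name MFA table for accounts that are protected under one spelling but not another. The following is an added example illustrating that check; it is not SonicWall's code or the mitigation script mentioned in this advisory, and the domain mapping and the MFA table are constructed for illustration.

```python
from collections import defaultdict

# Constructed mapping for this example: NetBIOS (SAM) domain -> UPN DNS suffix.
# A real deployment would take this from the directory, not a hard-coded dict.
DOMAIN_MAP = {"CORP": "corp.example"}
DEFAULT_DOMAIN = "CORP"


def canonical_identity(login: str) -> str:
    """Collapse the three login spellings of one AD account into a single key.

    Accepts a UPN ('alice@corp.example'), a down-level name ('CORP\\alice') or a
    bare sAMAccountName ('alice') and returns 'alice@corp.example'. Keying MFA
    policy on this value, rather than on the raw login string, removes the gap
    in which each spelling can carry its own MFA setting.
    """
    login = login.strip()
    if "@" in login:
        user, _, suffix = login.rpartition("@")
        suffix = DOMAIN_MAP.get(suffix.upper(), suffix)  # tolerate user@CORP
        return f"{user.lower()}@{suffix.lower()}"
    if "\\" in login:
        domain, _, user = login.partition("\\")
        if domain.upper() not in DOMAIN_MAP:
            raise ValueError(f"unknown NetBIOS domain: {domain}")
        return f"{user.lower()}@{DOMAIN_MAP[domain.upper()]}"
    return f"{login.lower()}@{DOMAIN_MAP[DEFAULT_DOMAIN]}"


def find_mfa_gaps(mfa_by_login: dict[str, bool]) -> dict[str, list[str]]:
    """Audit a per-login-name MFA table for accounts reachable without MFA.

    mfa_by_login maps each configured login spelling to whether MFA is enforced
    for it. Returns {canonical identity: [spellings lacking MFA]} for every
    account that has MFA on at least one spelling but not on all of them.
    """
    by_identity = defaultdict(dict)
    for login, enforced in mfa_by_login.items():
        by_identity[canonical_identity(login)][login] = enforced
    gaps = {}
    for identity, spellings in by_identity.items():
        if any(spellings.values()) and not all(spellings.values()):
            gaps[identity] = sorted(l for l, on in spellings.items() if not on)
    return gaps


if __name__ == "__main__":
    # Constructed configuration: alice has MFA on her UPN but not on the SAM name.
    table = {"alice@corp.example": True, "CORP\\alice": False, "bob": True}
    print(find_mfa_gaps(table))  # {'alice@corp.example': ['CORP\\alice']}
```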

Impact

Exploitation of this vulnerability allows for bypassing multi-factor authentication, creating a risk of unauthorized access.

Remediation

Users of SonicWall Gen6 Firewalls should upgrade to version 6.5.5.1-6n or higher. For Gen7 and Gen8 Firewalls, upgrading to the latest version is sufficient. After upgrading, delete the existing LDAP server configuration that uses userPrincipalName in the Qualified login name field, remove locally listed LDAP users, and adjust the User Domain in SSL VPN Server Settings to the default LocalDomain. Reboot the firewall and create a new LDAP server configuration without userPrincipalName. A script is available to automate this mitigation using the SonicOS API or SSH.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          5.2
  impact          5.0
  exploitability  5.4
  remediation     7.7
  relevance       0.0
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.