Richard Warren
David CashAs part of a recent client engagement, we conducted a product assessment of the Cato Client. During this assessment, we discovered significant …
Read Article
Richard Warren
David CashThe Cato Client was found to store authentication data within the trace logs generated by the desktop client during SSO authentication.
Read Article
Richard Warren
David CashThe OpenSSL implementation in the winvpnclient.cli.exe service executable is configured to load an openssl.cnf file from a location that does not …
Read Article
Richard Warren
David CashThe Cato Client was found to use an insecure temporary folder for downloading and processing updates.
Read Article
Richard Warren
David CashThe web service used during the Cato SSO authentication flow was found to contain an Open Redirect issue, which could allow a remote attacker to …
Read Article
Richard Warren
David CashThe Cato Client suffers from a Remote Code Execution vulnerability which could be triggered via a URL handler, or via requests to the local webserver.
Read Article
Richard Warren
David CashThe Cato Client allows a low-privileged, local user to install arbitrary Root CA Certificates in the computer’s certificate store.
Read Article