VPN apps developed by Palo Alto Networks, Pulse Secure, Cisco, and F5 Networks are storing authentication and session cookies insecurely according to a DHS/CISA alert and a vulnerability note issued by CERT/CC. An app fails to “encrypt sensitive or critical information before storage or transmission”” could allow would-be attackers to intercept traffic data
Source: