Zscaler App - VU#192371 response
Last week, CERT released Vulnerability Note VU#192371 to highlight that authentication and/or session cookies that are stored insecurely in memory and/or log files can potentially be used in a replay attack.
The use of hardware fingerprinting, client certificates, and SAML assertions in Zscaler App makes it impractical to replay authentication session cookies obtained from memory and use them on another system.
In addition, no personal or confidential information is stored in the Zscaler App logs.
Zscaler App is not vulnerable to the replay attack as described under Vulnerability Note VU#192371.
Validated on Zscaler App v1.5 and earlier versions
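The device-binding argument above, as an added illustration that is not Zscaler's code and does not describe its implementation: a session cookie MACed together with a device fingerprint verifies only when presented from the device it was issued to, so a cookie lifted from memory on one system is rejected on another. The fingerprint attributes, key handling and session format are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed server-side secret; a real deployment keeps this in a secret store or HSM.
SERVER_KEY = secrets.token_bytes(32)


def device_fingerprint(attrs: dict) -> str:
    """Hash a stable set of hardware attributes into one fingerprint (hypothetical attribute set)."""
    canonical = json.dumps(attrs, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def issue_session(session_id: str, fingerprint: str, key: bytes = SERVER_KEY) -> str:
    """Bind the session to a device by MACing the session id together with its fingerprint."""
    tag = hmac.new(key, f"{session_id}|{fingerprint}".encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def verify_session(cookie: str, presented_fingerprint: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the MAC with the fingerprint of the device presenting the cookie.

    A cookie copied to a different device carries the original tag, which no longer
    matches once the presenting device's fingerprint is mixed in, so it fails.
    """
    try:
        session_id, tag = cookie.split(".", 1)
    except ValueError:  # malformed cookie without a tag
        return False
    expected = hmac.new(key, f"{session_id}|{presented_fingerprint}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


def replay_demo() -> dict:
    """Constructed scenario: a cookie issued to one device is checked from two devices."""
    laptop = device_fingerprint({"serial": "CONSTRUCTED-0001", "tpm_ek_hash": "aa11"})
    other_box = device_fingerprint({"serial": "CONSTRUCTED-9999", "tpm_ek_hash": "ff00"})
    cookie = issue_session("sess-42", laptop)
    return {
        "legit": verify_session(cookie, laptop),        # True: same device
        "replayed": verify_session(cookie, other_box),  # False: different fingerprint
        "tampered": verify_session(cookie + "0", laptop),  # False: tag altered
    }
```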
About Zscaler App
The Zscaler App automatically forwards user traffic to the Zscaler cloud and ensures that security and access policies are enforced, regardless of device, location or application. The app automatically determines whether a user is trying to access the open internet, a SaaS app or an internal app running in a public cloud, a private cloud or the datacenter, and routes the traffic through the appropriate Zscaler security service. The client supports both Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) by default, allowing teams to combine best-in-class internet security with zero trust access to internal apps.