Sangfor VPN equipment was exposed as a breakthrough for overseas hackers, responding that very few users were affected

China Internet Technology, April 7, Shenzhen Convince announced today that the company has paid attention to various reports and news about the company's SSL VPN product vulnerabilities. After receiving the vulnerability information, the company has established an emergency response team as soon as possible in accordance with the emergency response process. To thoroughly investigate the incident. After investigation by the company's technical staff, among the tens of thousands of users of SSL VPN products, only a few users have been affected. The company has taken the initiative to contact the affected users as soon as possible, and assist users to do a good job.

According to the announcement, the investigation and analysis confirmed that the prerequisite for attacking with the SSL VPN product vulnerability is that the SSL VPN management and control authority has been obtained, that is, the attacker can only use the administrator authority of the SSL VPN product of the Shencon service to the attacker The vulnerability launches an attack. Therefore, it is more difficult to exploit the vulnerability of the product.

As of the date of this announcement, the company ’s detection tools (to help users detect whether they have been attacked) and proprietary anti-virus tools (to detect and kill malicious software) for the aforementioned vulnerabilities in SSL VPN products have been completed, and the main version of the repair patch The package (to help users fix vulnerabilities) has been released. The company will provide all SSL VPN product users with free detection tools, exclusive killing tools, repair patch packages and related support services to ensure that all users' SSL VPN product vulnerabilities are detected and repaired.

Said that because the SSL VPN business accounted for a relatively low percentage of the company's overall revenue, after the company's assessment, this incident will not have a substantial impact on the company's operations. The company will comprehensively review the causes of the SSL VPN product vulnerabilities, further increase R & D investment, improve management, reduce the probability of product vulnerabilities as much as possible, and further improve product safety.