Clientless SSL VPNs expose corporate users to attack

"Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms, according to a warning from the U.S. Computer Emergency Response Team (US-CERT). This security problem, discussed since at least 2006, could let an attacker use these devices to bypass authentication or conduct other web-based attacks. Clientless VPN products from Juniper Networks, Cisco Systems, SonicWall and SafeNet are confirmed vulnerable."

More Here...