US-CERT Vulnerability Note VU#261869.
Web based VPN has always been a bad idea. This is also known as “clientless” vpn meaning you don’t have to fire up a separate application for a vpn. Like anything in the “cloud” this type of arrangement offers no real security benefit.