This security problem, discussed since at least 2006, could let an attacker could use these devices to bypass authentication or conduct other web-based attacks. by Ryan Naraine
View post:
Clientless SSL VPNs expose corporate users to attacks (ZDNet)
