A ZDNet report recently revealed that the passwords for over 900 Pulse Secure VPN servers were leaked onto a Russian hacker site. Bank Security shared the list with ZDNet, and threat intelligence firm KELA verified its authenticity with multiple sources in the cyber-security community. The list includes:
- IP addresses of Pulse Secure VPN servers
- Pulse Secure VPN server firmware version
- SSH keys for each server
- A list of all local users and their password hashes
- Admin account details
- Last VPN logins (including usernames and cleartext passwords)
- VPN session cookies
According to Bank Security, the Pulse Secure VPN servers included in the list were all running a firmware version vulnerable to CVE-2019-11510. From Bank’s research, it looks like the data was compiled from June 24th to July 8, 2020. The CVE-2019-11510 vulnerability was made public for the first time last August.
This ZDNet story highlights a few key things that should be of concern to any business owner. First, the fact that the passwords are out there is worrisome. Second, a patch for this vulnerability has been available for a while; if your password was breached, it means that your Pulse VPN hasn’t been patched recently. The third worry is password re-use: because it is common, other systems may have the same passwords.
Of course, the biggest worry is that Pulse Secure VPN servers are usually employed as access gateways into corporate networks so staff can connect remotely to internal apps from across the internet. This is especially of concern this year, with COVID-19 forcing many employees to work from home and access data remotely. When these types of devices are compromised, hackers gain easy access to a company's entire internal network, which makes the devices a prime target of ransomware gangs.
If you suspect your Pulse VPN password may have been leaked, here are some steps you can take to ensure it isn’t used against you in a breach:
- Patch all vulnerabilities in your VPN. While you are at it, you may also want to ensure you are patching all critical systems on a regular basis.
- After you have patched your VPN, ensure you change the VPN passwords, and have all users reset their passwords. This is also a good time to implement multifactor authentication on all your mission-critical systems.
Whether you need help with vulnerability management or password management, Uzado can help. Contact us today to learn more about our approach to securing your network.