A ZDNet report recently revealed that the passwords for over 900 Pulse Secure VPN servers were leaked onto a Russian hacker site. Bank Security shared the list with ZDNet, and threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. The list includes:
- IP addresses of Pulse Secure VPN servers
- Pulse Secure VPN server firmware version
- SSH keys for each server
- A list of all local users and their password hashes
- Admin account details
- Last VPN logins (including usernames and cleartext passwords)
- VPN session cookies
- Patch all vulnerabilities in your VPN. While you are at it, you may also want to ensure you are patching all critical systems on a regular basis.
- After you have patched your VPN, ensure you change the VPN passwords and have all users reset their passwords. This is also a good time to implement multifactor authentication on all your mission-critical systems.