Experts Reaction On 900 Pulse Secure Enterprise VPN Passwords Leaked

A hacker today published a list of plaintext usernames and passwords, along with IP addresses, for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs.

According to a review, the list includes:

  • IP addresses of Pulse Secure VPN servers
  • Pulse Secure VPN server firmware version
  • SSH keys for each server
  • A list of all local users and their password hashes
  • Admin account details
  • Last VPN logins (including usernames and cleartext passwords)
  • VPN session cookie

EXPERTS COMMENTS
Niamh Muldoon, Senior Director of Trust and Security, EMEA, OneLogin
August 06, 2020
This was a vulnerability exposed last year as well, making it ever more disappointing that it wasn’t managed sooner.
VPNs are typically used by organisations to protect privacy and maintain data security. This leak of passwords and usernames is the antithesis of the VPN’s purpose. The fact that this breach was the result of a firmware vulnerability goes to show the importance of running frequent audits as well as implementing a consistent updating and patching schedule. This was a vulnerability exposed last y ....
Rodrigo Jazinski, CTO, CyberSmart
August 06, 2020
This is a very disturbing breach.
This is a very disturbing breach. We are seeing an increase in compromised and fraudulent VPNs recently, especially among free versions. Businesses should always be paying for legitimate VPNs as the cost of a breach like this could be enormous. Hackers with these hash keys will be able to decrypt any encryption and hashed data that was supposed to be protected via the VPN. That means everything (b ....
David Kennefick, Product Architect, edgescan
August 06, 2020
A regular scan of your external facing estate should pick up this issue.
Security teams have had a lot to deal with over the last few months. This vulnerability has been in the wild for a while and by the looks of it hackers have had the chance to exploit it for nearly a year. We are starting to see the impact of this, and the servers impacted are examples of what happens when critical risk findings are not addressed. Teams need to have visibility over the versions of ....
Javvad Malik, Security Awareness Advocate, KnowBe4
August 06, 2020
Because security tools are usually the first point of contact, they run higher privilege.
Attackers will try to leverage any way they can into organisations. In recent times, we've seen criminals try to compromise security software as part of their attack strategy. Because security tools are usually the first point of contact, they run higher privilege and have access to lots of data, they become a very rewarding target. It's why organisations should take care of their security tools, ....
Doron Naim, Cyber Research Group Manager, CyberArk Labs
August 06, 2020
In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses were exposed.
While VPNs have an essential role to provide employees and third parties with remote access, they also provide a direct data tunnel to corporate networks which can be used to provide privileged access to critical business systems and applications i.e. the targets that are most valuable for hackers. In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses w ....
David Higgins, EMEA Technical Director, CyberArk
August 06, 2020
In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses were exposed.
While VPNs have an essential role to provide employees and third parties with remote access, they also provide a direct data tunnel to corporate networks which can be used to provide privileged access to critical business systems and applications i.e. the targets that are most valuable for hackers. In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses were ....
Mounir Hahad, Head, Juniper Threat Labs, Juniper Networks
August 06, 2020
This data could have been sitting in this hacker’s treasure trove for a number of months until they decided to publish it.
The immediate focus of every organization should be to ensure no future unauthorized logins occur. Anyone who had run the vulnerable version of Pulse VPN after the disclosed vulnerability should force all users to change passwords immediately and invalidate those passwords that do not get changed in a 24-hour window. Admins should also change their passwords and ssh keys on the Pulse VPN devices. ....
Laurence Pitt, Global Security Strategy Director, Juniper Networks
August 06, 2020
The data published lists only 900 servers.
The fact that this vulnerability allowed for username/cleartext password combinations to be exposed is bad enough, but what makes it unacceptable is that this was reported in a CVE released over a year ago and fixed in a later version of the product. Organizations today rely on VPN services to keep their businesses going, as it provides access to sensitive services and data on the corporate networ ....
Martin Cannard, Product Strategy, Stealthbits Technologies
August 06, 2020
Owning the firewall or network device gets you through the door, but aside from DoS attacks, you still need a mechanism to launch an attack.
Building a security program designed to adequately address the most prevalent threats a remote workforce poses isn’t likely to happen as quickly as most organizations need it to. However, that doesn’t mean that focus on other components of the security equation can’t be just as effective (or even more so) when considering what it is that attackers need to do once they’ve made it past the f ....
Saryu Nayyar, CEO, Gurucul
August 06, 2020
In fact, over six hundred of the breached servers had been discovered as vulnerable last year.
The reported release of user information, IP addresses, and passwords from over nine hundred Pulse Secure VPN servers is the direct result of Security Administrators not taking the time to patch their systems. The attacker leveraged a vulnerability that was discovered and reported over a year ago, and Pulse Secure themselves strongly advised applying their patch. In fact, over six hundred of the ....
