Passwords leaked for Enterprise VPN (CVE-2019-11510)

About

According to Bank Security and posted at ZDNet, a malicious actor scanned the entire public IP space of the internet for the Pulse Secure VPN vulnerability CVE-2019-11510. They believe the list was collected around June 24th – July 8th 2020. This list includes plain-text usernames and passwords for VPN users as well as local users to the VPN Appliance. 

What Does This Mean to our Partners?

Even if you patch the Pulse VPN Vulnerability you need to enforce an organization wide password reset along with local Pulse VPN appliance password reset. 

Relevant Detections

Ensure you have our agent rolled out to EVERY device in the network. If the threat actors abuse these credentials, we will be able to detect and detain it.  

If you have a Pulse Secure VPN immediately scan it for the CVE-2019-11510 vulnerability.  

Get More Information

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510

https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/

https://twitter.com/Bank_Security/

BlackPoint Cyber

Add comment