Many Pulse Connect Secure VPN servers are still affected by a security vulnerability that has been known since April 2019. An unknown party has now published a list of 1,800 IP addresses, user names and passwords in a forum used by cybercrime actors.
Of those, over 900 are apparently still easily attackable, reports the US magazine ZDNet. So either the admins didn’t install the patches released at the time, or they didn’t change the compromised passwords afterwards.
Open for over a year
Criminal cyber gangs like to use such credentials to get into company networks, and then extort the companies with the stolen and often encrypted data. The business pays off: in such incidents, millions of dollars are often demanded and paid.
CERT-Bund complains that “several dozen German companies are also affected”, although network operators and providers have been regularly informed about the open systems for a year. Heise Security had also warned several times about the dangers posed by Pulse VPN.
Anyone who administers a Pulse VPN server should drop everything immediately and check whether the patch for the vulnerability CVE-2019-11510 has been applied and whether the passwords have also been changed. Here is the security advisory from Pulse Secure, with the clear note: “Any end user and administrator passwords used to login to the device should be changed”: