900+ enterprise Pulse Secure VPN servers’ passwords leaked. Change your password

Cybersecurity specialists report that a hacker, or hacker group, has leaked a list of plain text usernames and passwords, along with the IP addresses of more than 900 servers of the firm Pulse Secure, which provides virtual private network (VPN) services.

Researchers at ZDNet, with the help of security firm KELA, obtained a copy of the compromised information and verified that the records are real and the list is up to date. After a preliminary review, the researchers reported that the list includes:

  • IP addresses of Pulse Secure servers
  • Firmware version of the Pulse Secure server
  • SSH keys for each server
  • List of local users and their encrypted passwords
  • Administrator account details
  • Latest VPN logins (including unencrypted usernames and passwords)
  • VPN session cookies

In this regard, the well-known financial crime intelligence analyst Bank Security noted that all Pulse Secure VPN servers, including those exposed in the incident, are exposed to exploitation of the CVE-2019-11510 flaw.

The researcher believes that those responsible for the attack obtained this list by exploiting this vulnerability to gain access to the systems, dump the server details, and collect the information in a central repository. Timestamps indicate that the incident occurred between June 24 and July 8.

The firm Bad Packets has also been analyzing the servers vulnerable to CVE-2019-11510, claiming that of the 913 IP addresses, at least 670 were detected as vulnerable a year ago, when the exploit became public. These deployments were never patched, so threat actors were able to exploit the vulnerability without hindrance.

Experts add that installing security patches alone is insufficient to fix these flaws, as login credentials also need to be reset to fully mitigate the possibility of attacks. It should be remembered that the compromise of VPN devices could allow threat actors to easily access a company’s entire network, making these vulnerabilities attractive to hacker groups.