Get a Pentest and security assessment of your IT network.

Cyber Security

CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

U.S. Cybersecurity and Infrastructure Security Agency issues fresh advisory on Pulse Secure VPN vulnerability. Known as CVE-2019-11510, the pre-authentication arbitrary file read vulnerability could allow remote unauthenticated attackers to compromise vulnerable VPN servers and gain access to all active users and their plain-text credentials, and execute arbitrary commands. The flaw stems from the fact that directory traversal is hard-coded to be allowed if a path contains “dana/html5/acc,” thus allowing an attacker to send specially crafted URLs to read sensitive files.

Source: https://thehackernews.com/2020/04/pulse-secure-vpn-vulnerability.html

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation