JSA10379 - Security Vulnerability in Pulse Connect Secure (PCS) RADIUS authentication mechanism

Information

Product Affected: All Pulse Connect Secure platforms running PCS 6.0R1 or higher. Platforms running PCS 5.x or older versions are NOT affected by this vulnerability.
Problem
If RADIUS is being used as the authentication mechanism on PCS running an affected release of the OS, then in a specific scenario an unauthenticated user may be able to get past the authentication step of the PCS login process. This issue was due to a bug in the software which resulted in a RADIUS Access-Request packet being sent to the backend RADIUS server with some fields containing the same values as the previous Access-Request packet, which may have caused the RADIUS server to believe that this Access-Request was a duplicate packet. Depending on how the backend RADIUS server is configured to handle this duplicate Access-Request packet, the authentication step may or may not succeed on PCS: authentication succeeds only if the backend RADIUS server responds with an Access-Accept packet without validating the credentials. If the RADIUS server validates the credentials presented in the (duplicate) Access-Request packet, then this vulnerability does not pose any security risk.
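The server-side behaviour described above, as an added example that is not part of this advisory or of Pulse Secure's code: a minimal simulation of a RADIUS server that keys its duplicate-detection cache on the Identifier and Request Authenticator (an assumption about which repeated fields are involved; the advisory does not name them) and replays its cached reply, beside a server that validates the User-Password attribute on every request. The shared secret, user database and packets are constructed for the example.

```python
import hashlib
import os

SECRET = b"constructed-shared-secret"   # constructed sample RADIUS shared secret
USERS = {"alice": "correct horse"}      # constructed backend user database

def encrypt_user_password(password: bytes, authenticator: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: MD5(secret + previous block) XORed over 16-byte blocks."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += prev
    return out

def decrypt_user_password(blob: bytes, authenticator: bytes, secret: bytes) -> bytes:
    """Inverse of encrypt_user_password; trailing NUL padding is stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(blob), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(blob[i:i + 16], keystream))
        prev = blob[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(ident: int, authenticator: bytes, user: str, password: str) -> dict:
    """A simplified Access-Request: only the fields relevant to duplicate detection and validation."""
    return {"code": 1, "id": ident, "authenticator": authenticator, "user": user,
            "password": encrypt_user_password(password.encode(), authenticator, SECRET)}

def validate(req: dict) -> str:
    pw = decrypt_user_password(req["password"], req["authenticator"], SECRET).decode()
    return "Access-Accept" if USERS.get(req["user"]) == pw else "Access-Reject"

class ReplayingServer:
    """Treats a repeated (Identifier, Request Authenticator) as a retransmission and replays the cached reply."""
    def __init__(self):
        self.cache = {}
    def handle(self, req: dict) -> str:
        key = (req["id"], req["authenticator"])
        if key not in self.cache:
            self.cache[key] = validate(req)
        return self.cache[key]

class ValidatingServer:
    """Validates the credentials in every packet, so a 'duplicate' with wrong credentials is rejected."""
    def handle(self, req: dict) -> str:
        return validate(req)

def demo() -> dict:
    ident, auth = 7, os.urandom(16)
    good = access_request(ident, auth, "alice", "correct horse")
    dup = access_request(ident, auth, "alice", "wrong")  # same Identifier and Authenticator, wrong password
    r, v = ReplayingServer(), ValidatingServer()
    return {"replaying": [r.handle(good), r.handle(dup)], "validating": [v.handle(good), v.handle(dup)]}
```

The replaying server answers the second request with the cached Access-Accept without ever looking at its credentials, which is the configuration the advisory says turns the bug into an authentication bypass.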
Solution
Pulse Secure has resolved this issue in PCS versions 6.0R5, 6.0R4.3, 6.0R3.2 and 6.1R2.1.

Note: All future major/minor PCS releases will contain this fix. This vulnerability is not present in any 5.x or older version of PCS.
Workaround
Implementation
Related Links: To access the latest software, please visit http://my.pulsesecure.net
CVSS Score
Risk Assessment
Acknowledgements
Alert Type: PSN - Product Support Notification
Risk Level: High
Legacy ID: PSN-2008-05-007, JSA10379
