Reset Search
 

 

Article

SA40662 - Pulse Workspace data exposure

« Go Back

Information

 
Product AffectedThis issue impacts the following product: Pulse Workspace
Problem
A data exposure issue was discovered by a third party security research group where access to a small section of Pulse Secure customer data store on a recognized cloud service provider during the period of 11 AM to 2 PM on March 16, 2017.  During this three-hour period, Pulse Secure has no evidence that any other parties accessed this data.  

Pulse Secure has notified all customers of the exposure in a separate communication.  

This is an official joint disclosure with the third party vendor, Appthority.

What information was involved?

The accessible information consisted of the following data:
  • Full Employee Name
  • Email addresses
  • Phone numbers
  • PIN reset tokens
  • Passcode lengths
  • Account dates
  • Last seen dates
  • Device Information (IMEIs , OS Version and carrier info)
  • Applied Security Policy Information: Enterprise VPN Certificate Data for the user’s employer
Solution
Pulse Secure takes data security very seriously.  Pulse Secure worked closely with the third party vendor to ensure the data is no longer exposed and have taken additional measures to prevent this issue from occurring in the future.

Recommendations:

While no passwords were exposed, Pulse Secure would recommend that those individuals who had their email address exposed reset their passwords to ensure a strong password is associated with the affected email address.
Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert Type 
Risk Level 
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255