JSA10380 - Security Vulnerability in Pulse Policy Secure Platform’s Radius Authentication Server used in a Realm not doing Radius Proxy.

Information

Product Affected: All Pulse Policy Secure platforms running PPS firmware 2.0x or higher. Platforms running PPS firmware 2.1R4 or higher, and platforms running 1.x, are NOT affected by this vulnerability.
Problem
When using a Radius authentication server in a realm configured with the "Do Not Proxy" option, an unauthenticated user may bypass the authentication step of the PPS login process. A bug in the affected PPS firmware allows a new Radius Access-Request packet to be sent to the backend Radius server in which some Radius attributes carry the same values as a previously authenticated Access-Request. Because of these duplicated fields, the Radius server may treat the new Access-Request as a retransmission of the earlier one, and in that case it can return an Access-Accept message to the PPS without validating the credentials in the new Access-Request. Thus, a user might be authenticated by the PPS without the backend Radius server ever validating that user’s credentials.
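The failure mode above depends on how the backend server decides that an Access-Request is a retransmission. The following Python example is added here for illustration and is not Pulse Secure's code, nor a description of any particular Radius server's actual logic, which the advisory does not detail. It builds minimal RFC 2865 Access-Request packets with PAP User-Password hiding and contrasts two toy servers: a weak one whose duplicate cache is keyed only on the client address and the 8-bit Identifier, and a strict one that also keys on the 16-byte Request Authenticator and requires the cached packet to match byte for byte before replying from the cache. All names, the shared secret, the user database, the NAS address and the scenario in `run_scenario` are constructed for this example.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """RFC 2865 attribute: type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def pap_transform(data: bytes, secret: bytes, authenticator: bytes, encrypt: bool) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: XOR each 16-byte block with
    MD5(secret + previous block). The chain runs over ciphertext blocks, so the
    same routine decrypts when the previous *input* block is chained instead."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, key))
        out += xored
        prev = xored if encrypt else block
    return out


def build_access_request(identifier: int, authenticator: bytes, user: bytes,
                         password: bytes, secret: bytes) -> bytes:
    """Minimal Access-Request: 20-byte header, then User-Name and User-Password."""
    padded = password + b"\x00" * (-len(password) % 16)
    attrs = encode_attr(ATTR_USER_NAME, user) + \
        encode_attr(ATTR_USER_PASSWORD, pap_transform(padded, secret, authenticator, True))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def parse_access_request(packet: bytes):
    """Return (code, identifier, authenticator, {attr_type: value})."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return code, identifier, authenticator, attrs


class RadiusServer:
    """Toy backend (constructed for this example): validates PAP credentials and
    caches its reply so a retransmitted Access-Request is answered without
    re-validation, as real servers do to absorb UDP retries."""

    def __init__(self, secret: bytes, users: dict, strict: bool):
        self.secret, self.users, self.strict, self.cache = secret, users, strict, {}

    def handle(self, src: str, packet: bytes) -> int:
        code, identifier, authenticator, attrs = parse_access_request(packet)
        if code != ACCESS_REQUEST:
            return ACCESS_REJECT
        # Weak duplicate detection: source address + Identifier only.
        # Strict: also the Request Authenticator, and the cached packet must be identical.
        key = (src, identifier, authenticator) if self.strict else (src, identifier)
        cached = self.cache.get(key)
        if cached is not None and (not self.strict or cached[0] == packet):
            return cached[1]  # treated as a retransmission: answered from cache
        clear = pap_transform(attrs[ATTR_USER_PASSWORD], self.secret,
                              authenticator, False).rstrip(b"\x00")
        result = ACCESS_ACCEPT if self.users.get(attrs[ATTR_USER_NAME]) == clear else ACCESS_REJECT
        self.cache[key] = (packet, result)
        return result


def run_scenario():
    """Constructed scenario: a valid login, followed by a second request that reuses
    the Identifier (a duplicated field of the kind the advisory describes) but has a
    fresh authenticator and wrong credentials. Returns (weak answer, strict answer)."""
    secret, users, nas = b"shared-secret", {b"alice": b"correct horse"}, "192.0.2.10"
    weak = RadiusServer(secret, users, strict=False)
    strict = RadiusServer(secret, users, strict=True)
    first = build_access_request(7, os.urandom(16), b"alice", b"correct horse", secret)
    assert weak.handle(nas, first) == ACCESS_ACCEPT
    assert strict.handle(nas, first) == ACCESS_ACCEPT
    second = build_access_request(7, os.urandom(16), b"alice", b"wrong", secret)
    return weak.handle(nas, second), strict.handle(nas, second)


if __name__ == "__main__":
    print(run_scenario())  # weak server: Access-Accept (2); strict server: Access-Reject (3)
```

The weak server answers the second request from its cache, which is the behaviour the advisory describes; the strict server sees a different Request Authenticator, validates the credentials and rejects. Two caveats for defenders: a byte-for-byte replay of an earlier packet inside the cache window is indistinguishable from a legitimate retransmission at this layer, so the cache lifetime should be short and the NAS must generate a fresh random Request Authenticator (and rotate the Identifier) for every new request, which is the client-side property the PPS fix restores; and hardening the backend is a mitigation, not a substitute for the firmware update.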
Solution
Pulse Secure has resolved this issue in PPS firmware version 2.1R4. Note: All future major/minor PPS firmware releases will contain this fix. This vulnerability is not present in any 1.x version of the PPS firmware.
Alert Type: PSN - Product Support Notification
Risk Level: High
Legacy ID: PSN-2008-05-014, JSA10380