Reset Search
 

 

Article

JSA10453 - 2010-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Local Client Logging Issue

« Go Back

Information

 
Product AffectedSA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA
4500, SA 5000, SA 6000, SA 6500, SA 3000 FIPS, SA 5000 FIPS, SA
4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS; IC: IC4000, IC4500, IC6000, IC6500, IC6500 FIPS
Problem
User session information is saved to the local system even when client logging is disabled.

Pulse Secure would like to acknowledge Espion Ltd. (Dublin, Ireland) for bringing this to our attention.
Solution
The following PCS & PPS software releases have a fix for this issue. We recommend upgrading your software to resolve this security vulnerability.

PCS: 6.4R7; 6.5R5; 7.0R1, or higher.
PPS: 3.1R5; 4.0R1 or higher.
Workaround
No workaround exists however this issue can be mitigated by disabling Roaming Session.
Implementation
Related Links
CVSS Score4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Risk Assessment- If your machine is compromised an attacker may get the session information from the client logs & could gain unauthorized access to protected resources.
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelLow
Attachment 1 
Attachment 2 
Legacy IDPSN-2010-08-908, JSA10453

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255