JSA10380 - Security Vulnerability in Pulse Policy Secure Platform's Radius Authentication Server used in a Realm not doing Radius Proxy.

Product Affected: Pulse Policy Secure (PPS) platforms running PPS firmware 2.0x or later releases earlier than 2.1R4. Platforms running PPS firmware 2.1R4 or later, and platforms running any 1.x release, are NOT affected by this vulnerability.

When a RADIUS authentication server is used in a realm configured with the "Do Not Proxy" option, an unauthenticated user may bypass the authentication step of the PPS login process. A bug in the affected PPS firmware causes a new RADIUS Access-Request to be sent to the backend RADIUS server with some attribute values duplicated from a previously authenticated Access-Request. Because of this duplication, the RADIUS server may treat the new Access-Request as a retransmission of the earlier one and return the earlier Access-Accept to the PPS without validating the credentials carried in the new request. As a result, a user can be admitted by the PPS even though the backend RADIUS server never authenticated that user's credentials.

Pulse Secure has resolved this issue in PPS firmware version 2.1R4. Note: all subsequent major and minor PPS firmware releases also contain this fix. This vulnerability is not present in any 1.x version of the PPS firmware. To confirm exposure, compare the running PPS firmware version against 2.1R4: a 2.0x or 2.1 release earlier than 2.1R4 with a realm that uses a RADIUS authentication server and the "Do Not Proxy" option is affected.
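The following simulation is an added example and is not code from the advisory or from Pulse Secure. It models the interaction described above: a RADIUS server that keeps a duplicate cache, a NAS (standing in for the PPS) that reuses header values from an earlier, successful Access-Request, and the corrected NAS that generates fresh values per request. The advisory does not name the duplicated fields; the example assumes they are the Identifier and the Request Authenticator, which are the fields RFC 5080 section 2.2.2 uses for duplicate detection. The shared secret, user name, password, source address and port are constructed sample values, and `strict_duplicates` is a hypothetical switch showing a server-side check that compares the whole packet before treating a request as a retransmission.

```python
import hashlib
import secrets
import struct

# RADIUS packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

# Constructed sample values (not from the advisory): shared secret and one known user.
SHARED_SECRET = b"constructed-shared-secret"
USER_DB = {"alice": b"correct horse"}


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: pad to a multiple of 16 bytes, then
    XOR each block with MD5(secret + previous block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the server performs it."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident: int, authenticator: bytes, user: bytes,
                         password: bytes, secret: bytes) -> bytes:
    """Serialise an Access-Request: 20-byte header followed by TLV attributes."""
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([USER_NAME, 2 + len(user)]) + user
    attrs += bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attrs(packet: bytes) -> dict:
    """Walk the TLV attribute list that follows the 20-byte header."""
    attrs, pos = {}, 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


class RadiusServer:
    """Toy server: validates credentials, but first consults a duplicate cache keyed on
    (source, Identifier, Request Authenticator) in the manner RFC 5080 section 2.2.2 describes."""

    def __init__(self, secret: bytes, strict_duplicates: bool):
        self.secret = secret
        self.strict = strict_duplicates      # True: also require the whole packet to match
        self.cache = {}                      # key -> (request bytes, response code)
        self.credential_checks = 0           # how often the password was actually verified

    def handle(self, src: str, packet: bytes) -> int:
        ident, authenticator = packet[1], packet[4:20]
        key = (src, ident, authenticator)
        if key in self.cache:
            prior_packet, prior_code = self.cache[key]
            if not self.strict or prior_packet == packet:
                return prior_code            # treated as a retransmission: no credential check
        self.credential_checks += 1
        attrs = parse_attrs(packet)
        user = attrs[USER_NAME].decode()
        password = reveal_password(attrs[USER_PASSWORD], self.secret, authenticator)
        code = ACCESS_ACCEPT if USER_DB.get(user) == password else ACCESS_REJECT
        self.cache[key] = (packet, code)
        return code


def buggy_nas_flow(server: RadiusServer, src: str = "10.0.0.5:49152") -> tuple:
    """Models the defect: a valid login, then a second request for the same user with a
    wrong password that reuses the earlier Identifier and Request Authenticator."""
    ident, authenticator = 7, secrets.token_bytes(16)
    good = build_access_request(ident, authenticator, b"alice", b"correct horse", SHARED_SECRET)
    bad = build_access_request(ident, authenticator, b"alice", b"wrong", SHARED_SECRET)
    return server.handle(src, good), server.handle(src, bad)


def fixed_nas_flow(server: RadiusServer, src: str = "10.0.0.5:49152") -> tuple:
    """Corrected NAS behaviour: a fresh Identifier and random Request Authenticator per request."""
    good = build_access_request(7, secrets.token_bytes(16), b"alice", b"correct horse", SHARED_SECRET)
    bad = build_access_request(8, secrets.token_bytes(16), b"alice", b"wrong", SHARED_SECRET)
    return server.handle(src, good), server.handle(src, bad)


if __name__ == "__main__":
    lax = RadiusServer(SHARED_SECRET, strict_duplicates=False)
    print("buggy NAS, lax server:   ", buggy_nas_flow(lax), "checks =", lax.credential_checks)
    strict = RadiusServer(SHARED_SECRET, strict_duplicates=True)
    print("buggy NAS, strict server:", buggy_nas_flow(strict), "checks =", strict.credential_checks)
    fixed = RadiusServer(SHARED_SECRET, strict_duplicates=False)
    print("fixed NAS, lax server:   ", fixed_nas_flow(fixed), "checks =", fixed.credential_checks)
```

Against a server whose duplicate cache looks only at the header key, the buggy NAS gets an Access-Accept for the wrong password and the server verifies credentials only once; that is the authentication bypass the advisory describes. The same buggy NAS against a server that also compares the full packet is rejected, and the corrected NAS is rejected by either server, because a fresh Identifier and Request Authenticator never match a cached entry. The firmware fix is on the NAS side; the strict server check is defence in depth, not a substitute for upgrading.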
Alert Type: PSN - Product Support Notification
Risk Level: High
Legacy ID: PSN-2008-05-014, JSA10380