SA40013 - TLS/SSL Renegotiation Vulnerability Pulse Connect Secure (PCS) (CVE-2009-3555) (Pulse Secure PSN-2009-11-573

The industry-wide TLS/SSL renegotiation issue (CVE-2009-3555) has been found in the Pulse Connect Secure (PCS) device. This issue has been reported as a man in the middle (MITM) attack by many news outlets; but, in reality, it is not a true bi-directional MITM attack. This issue allows an attacker to only inject traffic into the initial part of a connection.

To exploit this issue, the attacker would need to have layer two access to the network medium (LAN access) at some point between the client and the SSL VPN. SSL renegotiations come in two forms; the first is client initiated renegotiation and the second is server initiated renegotiation. Support for Client initiated renegotiation has been disabled in PCS OS 6.5R2, 6.4R4.1, 6.3R7 and newer releases, and PPS 3.1R2 and newer releases as well. However, server initiated renegotiation was not removed, as it is required for at least the client certificate authentication.

How to detect if you are vulnerable to this issue (client initiated renegotiation tests only):

There are many ways to check if client renegotiation is enabled. The following list provides the methods to check your Pulse Connect Secure (PCS) device:

    The following web site tests SSL web sites for renegotiation:
    https://www.ssllabs.com/

    For OpenSSL command line tests, refer to the following link:
    http://www.openssl.org

    For command line instructions, refer to the following link:
    http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html)


    This tool was developed by the Leviathan Security Group and specifically created to test this issue:
    http://www.leviathansecurity.com/pdf/ssltlstest.zip


Currently, no known tests (outside of running a TCP Dump) are available to detect if server initiated renegotiations are taking place.

Current mitigations for known exploits for the issue:

    Upgrade the device to PCS OS 6.5r2, 6.4r4.1, 6.3R7 or later and the PPS device to PPS 3.1R2 or later.
    Disable the use of client certificate authentication.


    If you require client certificate authentication, disable the Browser request follow-through feature under Roles > General > Session Options.


Complete fix information:

After upgrading to PCS 7.1R1 or later or PPS 4.1R1 or later, the PCS/PPS Admin should disable the SSL Legacy Renegotiation Support option under System > Configuration > Security > SSL Option.