Related Articles

KB21063 - [Sign In Pages] How to customize text on sign-in page

KB22273 - [Sign In Pages] Changing the custom sign-in page with simple HTML code

KB40962 - SAML sign-in page resizes to a smaller window when using Pulse Secure Desktop client

KB40954 - How to configure the Pulse Secure Desktop client to use the custom sign-in pages provided by Duo Security instead of using the standard Pulse Secure login prompts

KB24283 - Scanning PCS with NMAP reveals the sign in page title

KB45273 - When connecting to Pulse Connect Secure (PCS) device, end user is prompted with "You are not allowed to sign in. (Error 1329)"

KB44670 - Pulse Secure Client upgrade from PCS/PPS irrespective of the end user's OS/platform

KB45352 - Steps to edit the color of the bar at the top of the sign-in page using custom sign in pages

KB40887 - How to isolate or fix third party conflict issue with Pulse Secure Desktop client

KB40426 - How to configure Pulse based SAM access to assist Pulse Secure team to debug rewrite issues

< Back to search results

Article

SA40212 - [Pulse Secure] Sign in page disclosure issue (CVE-2016-4792)

« Go Back

Information

Product Affected	Pulse Connect Secure

Problem

An issue was found on the Pulse Connect Secure device that could allow disclosure of sign in pages. The security of the pages is not affected by this issue. This issue was assigned: CVE-2016-4792.

Solution

This issue is resolved as part of a new feature and is first available in PCS 8.2r1.

Software downloads can be located on our support site: https://my.pulsesecure.net

Workaround

There are no work arounds for this issue. The only way to resolve the issue is to upgrade to a fixed release of software.

Implementation

Related Links

CVSS Score	5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Risk Assessment

Acknowledgements

This vulnerability was discovered and responsibly reported to Pulse Secure by Jake Reynolds from Depth Security.

Alert Type	SA - Security Advisory

Risk Level	Medium

Attachment 1

Attachment 2

Legacy ID