First published: Thu Jul 30 2020(Updated: )
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
Credit: support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | <=9.0 | |
Pulsesecure Pulse Connect Secure | =9.1 | |
Pulsesecure Pulse Connect Secure | =9.1-r1 | |
Pulsesecure Pulse Connect Secure | =9.1-r2 | |
Pulsesecure Pulse Connect Secure | =9.1-r3 | |
Pulsesecure Pulse Connect Secure | =9.1-r4 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.1 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.2 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.3 | |
Pulsesecure Pulse Connect Secure | =9.1-r5 | |
Pulsesecure Pulse Connect Secure | =9.1-r6 | |
Pulsesecure Pulse Connect Secure | =9.1-r7 | |
Pulsesecure Pulse Policy Secure | <=9.0 | |
Pulsesecure Pulse Policy Secure | =9.1 | |
Pulsesecure Pulse Policy Secure | =9.1-r1 | |
Pulsesecure Pulse Policy Secure | =9.1-r2 | |
Pulsesecure Pulse Policy Secure | =9.1-r3 | |
Pulsesecure Pulse Policy Secure | =9.1-r3.1 | |
Pulsesecure Pulse Policy Secure | =9.1-r4 | |
Pulsesecure Pulse Policy Secure | =9.1-r4.1 | |
Pulsesecure Pulse Policy Secure | =9.1-r4.2 | |
Pulsesecure Pulse Policy Secure | =9.1-r5 | |
Pulsesecure Pulse Policy Secure | =9.1-r6 | |
Pulsesecure Pulse Policy Secure | =9.1-r7 | |
Ivanti Connect Secure | =9.1 | |
Ivanti Connect Secure | =9.1-r1 | |
Ivanti Connect Secure | =9.1-r2 | |
Ivanti Connect Secure | =9.1-r3 | |
Ivanti Connect Secure | =9.1-r4 | |
Ivanti Connect Secure | =9.1-r4.1 | |
Ivanti Connect Secure | =9.1-r4.2 | |
Ivanti Connect Secure | =9.1-r4.3 | |
Ivanti Connect Secure | =9.1-r5 | |
Ivanti Connect Secure | =9.1-r6 | |
Ivanti Connect Secure | =9.1-r7 | |
Ivanti Policy Secure | =9.1 | |
Ivanti Policy Secure | =9.1-r1 | |
Ivanti Policy Secure | =9.1-r2 | |
Ivanti Policy Secure | =9.1-r3 | |
Ivanti Policy Secure | =9.1-r3.1 | |
Ivanti Policy Secure | =9.1-r4 | |
Ivanti Policy Secure | =9.1-r4.1 | |
Ivanti Policy Secure | =9.1-r4.2 | |
Ivanti Policy Secure | =9.1-r5 | |
Ivanti Policy Secure | =9.1-r6 | |
Ivanti Policy Secure | =9.1-r7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-8206 is an improper authentication vulnerability in Pulse Connect Secure <9.1RB that allows attackers to bypass Google TOTP using a user's primary credentials.
Pulse Connect Secure versions 9.0 and Pulse Connect Secure version 9.1 up to and including 9.1-r7 are affected by CVE-2020-8206.
CVE-2020-8206 has a severity rating of 8.1 out of 10, which is considered high.
Attackers with a user's primary credentials can exploit CVE-2020-8206 to bypass Google TOTP.
Yes, users should update Pulse Connect Secure to version 9.1-r8 or later to address the vulnerability.