Tuesday, October 27, 18:30
Home security Hacker leaked passwords 900+ Pulse Secure VPN servers!

Hacker leaked passwords 900+ Pulse Secure VPN servers!

Hacker posted a list that includes usernames and plain text passwords, along with IP addresses for over 900 Pulse Secure VPN servers. ZDNet, with the help of the cyber security company "KELA", was able to obtain a copy of this list and verify its authenticity with many sources from its site cyber security.


The list includes the following:

  • IP Addresses Pulse Secure VPN servers
  • SSH keys for each server
  • Administrator account information
  • VPN session cookies
  • Pulse Secure VPN server firmware version
  • A list of all local users and their hash codes
  • Latest VPN connections, including usernames and plain text passwords
Pulse Secure VPN servers - leak

Bank Security, a cybercrime threat analyst, also discovered the list and shared it with ZDNet, and made an interesting comment about the list and its contents. Specifically, he reported that all Pulse Secure VPN servers on the list run a firmware version that is vulnerable to vulnerability located as CVE-2019-11510. In addition, the company believes that the hacker who created this list scanned the entire IPv4 Internet address space for Pulse Secure VPN servers, took advantage of the CVE-2019-11510 vulnerability to obtain access into a systems, extracted server information, including usernames and passwords, and then gathered all the information into a central repository.

Based on the information in the list, it appears that the scan dates, or the date the list was written, are between June 24 and July 8, 2020.

Pulse Secure VPN servers - leak

Also, the Bad Packets, a threat analysis company based in USA, scans the Internet for vulnerable Pulse Secure VPN servers since August 2019 when the vulnerability CVE-2019-11510 was made public. The company noted that of the 913 unique IP addresses found, Bad Packets identified from its scans that 677 were vulnerable to CVE-2019-11510 vulnerability when the exploit was made public in 2019.

From the list, it appears that the 677 companies did not proceed to patch since the first Bad Packets scan last year, while the June 2020 scans were performed by a hacker. Even if these companies fix Pulse Secure servers, they will also have to change passwords to prevent hackers from abusing their credentials which leaked to take over devices and then spread to their internal networks. This is very important, as Pulse Secure VPN servers are commonly used as gateways to corporate networks, so that staff can connect remotely to internal applications from across the Internet. These types of devices, if compromised, can allow hackers to gain easy access to a company's entire internal network. This is exactly why APT and ransomware Gangs have repeatedly targeted these systems.

Pulse Secure VPN servers

In addition, the leaked list was shared on a hacking forum frequented by many ransomware gangs. For example, gangs of REvil (Sodinokibi), NetWalker, Lockbit, Avaddon, Makop and Exorcist ransomware use the same forum to hire members (developers) and partners (clients). Many of these gangs invade corporate networks using devices such as Pulse Secure VPN servers and then develop ransomware payloads and demand huge amounts of ransom from their victims.

Publishing this list carries a lot of risks for any company that failed to fix Pulse Secure VPN last year, as some of the ransomware gangs active in this forum are very likely to use the list for future reference. attacks. Therefore, companies need to repair their Pulse Secure VPNs and change their passwords.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


How to install a .watchface file on Apple Watch

The Apple Watch lets you customize the faces of the watch to display all kinds of useful information. But did you know ...

The five biggest data breaches of the 21st century

Data is becoming more and more sought after as our daily lives become more digitized. The technology giants that monopolize data are ...

Microsoft is limiting the availability of Windows 10 20H2

Microsoft is currently restricting the availability of Windows 10 20H2 to provide all users who want to ...

How to enable the new Chrome Read more feature

The latest version of Google Chrome browser, v86, released earlier this month, contains a secret feature called Read ...

How to choose a custom color for the Start menu

Starting with the October 2020 update, Windows 10 is the default on a theme that removes bright colors from ...

NASA telescope discovers drinking water on the moon

Eleven years ago, a spacecraft changed our view of the moon forever. The data collected by ...

Microsoft: Enhances password spray attack detection capabilities

Microsoft has significantly improved the ability to detect password spray attacks in the Azure Active Directory (Azure AD) and has reached the point ...

How to prevent companies from finding our phone number

In the age of advertising, the more user information is known the more convenient it is for companies. And in particular, the ...

Violation in a psychotherapy clinic led to blackmail of patients

Two years ago, a cyber attack took place in a Finnish psychotherapy clinic, which resulted in data theft and ransom demand. Now,...

Australia: Enhances cybersecurity and privacy!

The Government of New South Wales in Australia has set up a task force to strengthen cybersecurity and protection ...