image credit: Unsplash

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

August 5, 2020

ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data.

The list includes:

  • IP addresses of Pulse Secure VPN servers
  • Pulse Secure VPN server firmware version
  • SSH keys for each server
  • A list of all local users and their password hashes
  • Admin account details
  • Last VPN logins (including usernames and cleartext passwords)
  • VPN session cookies

Read More on Security Affairs