PT-2020-20025 · Pulse Secure+1 · Pulse Connect Secure+1
Published
2020-07-30
·
Updated
2024-02-27
·
CVE-2020-8206
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pulse Connect Secure versions prior to 9.1RB
Description
An issue exists where improper authentication allows an attacker with a user's primary credentials to bypass Google TOTP authentication.
Recommendations
For versions prior to 9.1RB, update to version 9.1RB or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources that rely on Google TOTP for authentication until the update is applied.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Totp
Pulse Connect Secure