PT-2020-20394 · Pulse Secure · Pulse Secure Desktop Client

Published

2020-10-27

Updated

2020-10-27

CVE-2020-8956

CVSS v3.1

3.8

Low

Vector

AC:L/AV:L/A:N/C:L/I:N/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions Pulse Secure Desktop Client versions 9.0Rx through 9.0R4 Pulse Secure Desktop Client versions 9.1Rx through 9.1R3

Description The issue reveals users' passwords if the Save Settings feature is enabled.

Recommendations For Pulse Secure Desktop Client versions 9.0Rx through 9.0R4, update to version 9.0R5 or later. For Pulse Secure Desktop Client versions 9.1Rx through 9.1R3, update to version 9.1R4 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-521

Related Identifiers

CVE-2020-8956

Affected Products

Pulse Secure Desktop Client

PT-2020-20394 · Pulse Secure · Pulse Secure Desktop Client

CVE-2020-8956

Weakness Enumeration

Related Identifiers

Affected Products

References · 5