Unknown hacker leaks 900+ Pulse Secure VPN Enterprises database on hacking forum


A database containing usernames, IPs, plaintext passwords of 900+ Pulse Secure VPN server enterprise users leaked on Russian-speaking hacker forum

Security intelligence firm, KELA which keeps tabs on dark web hacker forums recently discovered a database containing plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. The database was leaked by an unknown hacker on a Russian speaking hacker forum.

KELA security researchers shared the database with ZDNet and to verify authenticity. The database leaked by the unknown hacker includes the following details of Pulse VPN Enterprise version users.

  • IP addresses of Pulse Secure VPN servers
  • Pulse Secure VPN server firmware version
  • SSH keys for each server
  • A list of all local users and their password hashes
  • Admin account details
  • Last VPN logins (including usernames and cleartext passwords)
  • VPN session cookies

Security researchers of Bank Security also spotted the database on a dark web hacker forum and tweeted about it. However, Bank Security mentions that the hacker is well known and he/she leaked 1800 IPs of Pulse VPN users.

Bank Security researchers said that the IP addresses belonged to the Pulse Secure VPN servers that were run on a firmware version vulnerable to the CVE-2019-11510 Pulse Connect Secure arbitrary file read flaw. Bank Security says that the hacker may have used the CVE-2019-11510 vulnerability to gain access to the Pulse VPN servers and steal the user details.

ZDNet reported that the security intelligence company, Bad Packets, found nearly 913 unique IP addresses in the dump. “Of the 913 unique IP addresses found in that dump, 677 were detected by Bad Packets CTI scans to be vulnerable to CVE-2019-11510 when the exploit was made public last year.”


About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Notify of
Inline Feedbacks
View all comments