Vigil@nce - Pulse Secure Connect Secure: Man-in-the-Middle of Hardware Acceleration
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can perform a Man-in-the-Middle when the Hardware
Acceleration is enabled on Pulse Secure Connect Secure, in order
to read or alter TLS session data.
Impacted products: IVE OS, MAG Series Juniper, Juniper SA, Pulse
Connect Secure, MAG Series Pulse Secure.
Severity: 2/4.
Creation date: 31/07/2015.
DESCRIPTION OF THE VULNERABILITY
The Hardware Acceleration can be enabled on Pulse Secure Connect
Secure.
However, in this case, it does not correctly compute the MAC of
the TLS Handshake Finished Message. Using a second vulnerability,
an attacker can thus perform a Man-in-the-Middle.
An attacker can therefore perform a Man-in-the-Middle when the
Hardware Acceleration is enabled on Pulse Secure Connect Secure,
in order to read or alter TLS session data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN