Vigil@nce - Junos Pulse SA, UAC: usage of weak SSL Cipher
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a Man-in-the-Middle on Junos Pulse SA or UAC,
in order to capture sessions.
– Impacted products: Junos Pulse, Juniper SA, Juniper UAC
– Severity: 2/4
– Creation date: 12/06/2014
DESCRIPTION OF THE VULNERABILITY
The Junos Pulse Secure Access Service (SSL VPN) and Junos Pulse
Access Control Service (UAC) products can be configured to use
strong SSL algorithms.
However, weak algorithms are still allowed.
An attacker can therefore use a Man-in-the-Middle on Junos Pulse
SA or UAC, in order to capture sessions.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Junos-Pulse-SA-UAC-usage-of-weak-SSL-Cipher-14891